File read flaw in Smart Slider plugin impacts 500K WordPress sites A vulnerability in the Smart Slider 3 WordPress plugin, installed on over 800,000 sites, allows authenticated subscriber-level users to read arbitrary server files—including wp-config.php—putting database credentials, keys, and salts at risk and enabling full site takeover. Tracked as CVE-2026-3098 and fixed in version 3.5.1.34, the flaw stems from missing capability and file-type checks in AJAX export actions and leaves roughly 500,000 sites still running vulnerable versions that should update immediately. #SmartSlider3 #CVE-2026-3098

A file read vulnerability in Smart Slider 3 (CVE-2026-3098) affects 500K+ WordPress sites, allowing subscriber-level users to access sensitive server files. Fixed in version 3.5.1.34. #WordPressRisk #PluginFlaw #USA