File read flaw in Smart Slider plugin impacts 500K WordPress sites
Summary
A critical file read vulnerability has been discovered in the Smart Slider 3 WordPress plugin, which is installed on over 800,000 websites. This flaw allows unauthenticated users with subscriber-level privileges to access arbitrary files on the server.
IFF Assessment
The vulnerability allows unauthorized access to sensitive files on a server, which is detrimental to defenders.
Severity
The vulnerability allows unauthorized reading of arbitrary files, which can lead to information disclosure. Given the potential impact and the fact that it can be exploited by unauthenticated users, a CVSS score of 7.5 (High) is estimated.
Defender Context
This vulnerability poses a significant risk to WordPress sites using the Smart Slider plugin. Defenders should prioritize patching or updating the plugin to a secure version to prevent potential data breaches and unauthorized access to server files. Monitoring for suspicious file access attempts on affected systems is also crucial.