Smart Slider 3 file read flaw puts hundreds of thousands of WordPress sites at risk

A newly disclosed flaw in the Smart Slider 3 WordPress plugin can let logged-in attackers with low privileges read arbitrary files from the server. The bug, tracked as CVE-2026-3098, affects Smart Slider 3 versions through 3.5.1.33 and has been patched in version 3.5.1.34. The issue matters because even a subscriber-level account can abuse it on […] The post Smart Slider 3 file read flaw puts hundreds of thousands of WordPress sites at risk appeared first on VPN Central.