CVE-2015-9454

Name of the Vulnerable Software and Affected Versions smooth-slider plugin versions prior to 2.7

Description The issue concerns SQL Injection via the current slider id parameter in the /wp-admin/admin.php?page=smooth-slider-admin API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For versions prior to 2.7, update to version 2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the /wp-admin/admin.php?page=smooth-slider-admin API endpoint until the issue is resolved. Avoid using the current slider id parameter in the affected API endpoint until the issue is resolved.