CVE-2024-3027

Name of the Vulnerable Software and Affected Versions Smart Slider 3 plugin for WordPress versions up to, and including, 3.5.1.22

Description The issue arises from a missing capability check on the upload function, allowing authenticated attackers with contributor-level access and above to upload files, including SVG files. This can be used to conduct stored cross-site scripting attacks.

Recommendations For versions up to, and including, 3.5.1.22, update to a version higher than 3.5.1.22 to resolve the issue. As a temporary workaround, consider restricting access to the upload function to prevent unauthorized file uploads until a patch is available.