What the vulnerability does
01Description
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
Explanation of Vulnerability in Simple Terms
Responsive Slider by MetaSlider versions up to 3.106.0 contain a code injection vulnerability that allows high-privileged users to execute arbitrary PHP code on the site. An attacker with admin or equivalent access can inject malicious code through the plugin's input handling, affecting confidentiality, integrity, and availability of the entire WordPress installation.
What an attacker can do
Run arbitrary PHP code on the site with full system access.
Potential impact on your site
A compromised admin account can take full control of your site, steal data, modify content, or install malware.
Conditions required to exploit
Attacker must have high-level admin privileges (e.g., administrator role) on the WordPress site.
Key dates
External resources
Related vulnerabilities