Smart Slider 3 Missing Authorization Vulnerability in WordPress

Vulnerability

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized data access and modification because several wp_ajax_smart-slider3 controller actions have inadequate capability checks. All versions up to and including 3.5.1.33 are affected. Authenticated attackers with Contributor-level access and above can read slider metadata and manipulate image storage records by using the nextend_nonce available on post editor pages.
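The bug class described above, shown as a nonce-only AJAX handler beside a version that also checks a capability. This is an added example, not Smart Slider 3's source or code from this advisory; the `example_slider_*` names, the `example_slider_nonce` action, the `example_slider_images` table and the choice of `manage_options` as the required capability are all assumptions, and the code is meant to run inside a WordPress plugin.

```php
<?php
// Added example: hypothetical plugin code, not Smart Slider 3's source.
// Assumptions: action name, nonce action, table name and required capability.

// BEFORE: nonce check only. A nonce ties the request to a page WordPress
// rendered for this user; it says nothing about what the user is allowed to do.
// If the nonce is printed on post editor pages, every role that can open the
// editor (Contributor and above) can reach this handler.
function example_slider_delete_image_weak() {
    check_ajax_referer( 'example_slider_nonce', 'nonce' );
    example_slider_delete_record( absint( $_POST['image_id'] ?? 0 ) );
    wp_send_json_success();
}

// AFTER: nonce check plus an explicit capability check before any read or write.
function example_slider_delete_image() {
    check_ajax_referer( 'example_slider_nonce', 'nonce' );

    // Contributors do not hold 'manage_options' in the default role setup.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $image_id = absint( $_POST['image_id'] ?? 0 );
    if ( 0 === $image_id ) {
        wp_send_json_error( array( 'message' => 'Invalid image id' ), 400 );
    }

    example_slider_delete_record( $image_id );
    wp_send_json_success();
}
// Only the hardened handler is registered for logged-in users.
add_action( 'wp_ajax_example_slider_delete_image', 'example_slider_delete_image' );

// Hypothetical storage helper: removes one row from an illustrative table.
function example_slider_delete_record( $image_id ) {
    global $wpdb;
    $wpdb->delete(
        $wpdb->prefix . 'example_slider_images',
        array( 'id' => $image_id ),
        array( '%d' )
    );
}
```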

Impact

Exploitation of this vulnerability allows for unauthorized reading of slider metadata and manipulation of image storage records, including creation, modification, and deletion of such records.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher sends a request to one of the vulnerable wp_ajax_smart-slider3 controller actions. The request must include the nextend_nonce obtained from a post editor page. Once the request is processed, the user can read slider metadata and manipulate image storage records as described under Impact.

Remediation

Users are advised to update the Smart Slider 3 plugin to version 3.5.1.34 or a newer patched version.

Added: Apr 7, 2026, 11:16 PM
Updated: Apr 7, 2026, 11:16 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 1.3
exploitability: 6.4
remediation: 7.7
relevance: 5.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.