CyberRota
← Ana sayfaya dön

CVE-2026-12385

MEDIUM · CVSS 4.3

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-13T20:16:42.387 · Çekilme zamanı: 2026-07-14T00:05:24.258091+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-12385
Severity
MEDIUM
CVSS
4.3
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content excerpts of private, draft, pending, trashed, and auto-draft posts authored by any user, including Administrators and Editors. The required nonce is emitted on /wp-admin/post-new.php, which is accessible to Contributor-level users via the edit_posts capability, meaning any Contributor can obtain the nonce needed to trigger the injection.