PLUGIN SECURITY
Is Smart Slider 3 safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Smart Slider 3 WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
smart-slider-3 - Requires PHP: 7.0+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- Smart Slider 3 [smart-slider-3] < 3.5.0.9 [CVE-2021-24382, WordPress Smart Slider 3 plugin <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability, Smart Slider 3 <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting, Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)]
- Smart Slider 3 [smart-slider-3] < 3.5.1.11 [CVE-2022-3357, WordPress Smart Slider 3 plugin <= 3.5.1.9 - PHP Object Injection vulnerability, Smart Slider 3 <= 3.5.1.9 - PHP Object Injection, Smart Slider 3 < 3.5.1.11 - PHP Object Injection]
- Smart Slider 3 [smart-slider-3] < 3.5.1.11 [CVE-2022-45845, WordPress Smart Slider 3 plugin <= 3.5.1.9 - Auth. PHP Object Injection vulnerability, Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) PHP Object Injection]
- Smart Slider 3 [smart-slider-3] < 3.5.1.11 [CVE-2022-45843, WordPress Smart Slider 3 <= 3.5.1.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability, Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting, Smart Slider 3 < 3.5.1.11 - Contributor+ Stored XSS]
- Smart Slider 3 [smart-slider-3] < 3.5.1.14 [CVE-2023-0660, Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Smart Slider 3 Plugin < 3.5.1.14 is vulnerable to Cross Site Scripting (XSS), Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS]
+ 5 more known vulnerabilities
- Smart Slider 3 [smart-slider-3] < 3.5.1.23 [CVE-2024-3027, Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload, WordPress Smart Slider 3 Plugin <= 3.5.1.22 is vulnerable to Broken Access Control]
- Smart Slider 3 [smart-slider-3] < 3.5.1.29 [CVE-2025-6348, Smart Slider 3 <= 3.5.1.28 - Authenticated (Administrator+) SQL Injection via `sliderid` Parameter, WordPress Smart Slider 3 Plugin <= 3.5.1.28 is vulnerable to SQL Injection, EUVD-2025-23148]
- Smart Slider 3 [smart-slider-3] < 3.5.1.34 [CVE-2026-3098, Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll]
- Smart Slider 3 [smart-slider-3] < 3.5.1.34 [CVE-2026-4065, Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation, EUVD-2026-19956]
- Smart Slider 3 [smart-slider-3] < 3.5.1.37 [CVE-2026-9197, Smart Slider 3 <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'src'/'srcset' Attribute in HTML Export, EUVD-2026-34944]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider — 500000+ active installs — max PHP 8.4
- Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery — 400000+ active installs — max PHP 8.4
- Firelight Lightbox — 200000+ active installs — max PHP 8.4
- Photo Gallery by 10Web – Mobile-Friendly Image Gallery — 100000+ active installs
- Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel — 100000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.