Smart Slider 3 Pro Hit by Sophisticated Multi-Stage Attack

A severe supply chain compromise affecting Smart Slider 3 Pro for WordPress and Joomla has been detailed by CVE Notify. The vulnerability, tracked as CVE-2026-34424, impacts version 3.5.1.35 and allows unauthenticated attackers to achieve remote code execution. The attack chain is particularly nasty, beginning with a compromised update system that injects a multi-stage remote access toolkit. This toolkit enables attackers to bypass authentication and gain a foothold on affected systems.

According to CVE Notify, the exploit goes far beyond simple code execution. Attackers can establish persistent backdoors capable of accepting arbitrary PHP code or OS commands, create hidden administrator accounts, steal sensitive credentials and access keys, and maintain their presence by modifying core files and injecting code into must-use plugins. This level of access and persistence poses a significant risk to website owners running the vulnerable plugin.

What This Means For You

  • Verify the integrity of plugin update mechanisms and consider implementing a strict plugin vetting process, including checking update sources, before applying updates, especially for critical components like Smart Slider 3 Pro.
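One way to act on this advice and to spot the persistence described above (modified core files, code injected into must-use plugins). This is an added example, not code from CVE Notify or the plugin vendor: it records a SHA-256 baseline of a WordPress tree and reports later changes in the locations that matter most. The default wp-content/mu-plugins path, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: must-use plugins sit at the WordPress default location.
MU_PLUGINS = os.path.join("wp-content", "mu-plugins")

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest

def diff_manifest(baseline, current):
    """Return sorted (status, path) pairs for added, modified and removed files."""
    findings = [("removed", p) for p in baseline if p not in current]
    for path, digest in current.items():
        if path not in baseline:
            findings.append(("added", path))
        elif baseline[path] != digest:
            findings.append(("modified", path))
    return sorted(findings)

def high_priority(findings):
    """Keep changes under mu-plugins, wp-admin, wp-includes, or root-level PHP files."""
    def is_core(p):
        top = p.split(os.sep)[0]
        return top in ("wp-admin", "wp-includes") or (top == p and p.endswith(".php"))
    return [(s, p) for s, p in findings if p.startswith(MU_PLUGINS + os.sep) or is_core(p)]

def demo():
    """Constructed tree: record a baseline, simulate tampering, return the findings."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        write("wp-load.php", "<?php // constructed core file\n")
        write(os.path.join("wp-content", "uploads", "a.txt"), "x")
        baseline = build_manifest(root)
        write("wp-load.php", "<?php // constructed core file, altered\n")
        write(os.path.join(MU_PLUGINS, "cache-helper.php"), "<?php // constructed\n")
        write(os.path.join("wp-content", "uploads", "b.txt"), "y")
        return high_priority(diff_manifest(baseline, build_manifest(root)))
```

Calling demo() returns the two high-priority findings from the constructed tree. On a real site, store the baseline manifest off the web server so that an attacker with code execution cannot rewrite it.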

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-34424 | RCE | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla. Vulnerability allows unauthenticated attackers to execute arbitrary code and commands via HTTP headers. |
| CVE-2026-34424 | Code Injection | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla. Allows authenticated backdoors accepting arbitrary PHP code. |
| CVE-2026-34424 | Command Injection | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla. Allows authenticated backdoors accepting OS commands. |
| CVE-2026-34424 | Privilege Escalation | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla. Allows creation of hidden administrator accounts. |
| CVE-2026-34424 | Information Disclosure | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla. Allows exfiltration of credentials and access keys. |