CVE-2026-34424
Smart Slider 3 · Smart Slider 3 Pro
Smart Slider 3 Pro 3.5.1.35 contains a critical vulnerability: a remote access toolkit delivered through a compromised update system allows unauthenticated attackers to execute arbitrary code and commands.
Executive summary
A critical remote code execution vulnerability in Smart Slider 3 Pro allows unauthenticated attackers to establish full control over affected WordPress and Joomla installations.
Vulnerability
This is a multi-stage remote access toolkit injected through a compromised update mechanism. It allows unauthenticated attackers to trigger remote shell execution via HTTP headers, establish persistent backdoors, and perform full system compromise.
Business impact
With a CVSS score of 9.8, this vulnerability poses an extreme risk, enabling total system takeover, data exfiltration, and long-term persistence. The ability to create hidden administrator accounts and modify core files ensures that attackers can bypass standard security controls, leading to total loss of site integrity.
Remediation
Immediate Action: Disable or uninstall the affected version of Smart Slider 3 Pro and update to the latest patched version provided by the vendor.
Proactive Monitoring: Scan for unauthorized administrator accounts, unexpected PHP files in plugin directories, and suspicious modifications to core system files.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block suspicious HTTP header patterns and known exploit signatures associated with this campaign.
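One way to automate the file-system part of the monitoring step above, as an added example that is not from the advisory or the vendor: record a SHA-256 manifest of a clean plugin install, then diff the live tree against it and report PHP files the manifest does not know, files whose hash changed, and files that went missing. The plugin directory name, file names and contents are constructed placeholders, not the real plugin's layout.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every file under root (path relative to root) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest

def find_integrity_violations(root, manifest):
    """Compare the live tree against a known-good manifest.
    Returns (unexpected_php, modified, missing), each a sorted list of relative paths."""
    current = build_manifest(root)
    unexpected_php = sorted(p for p in current
                            if p not in manifest and p.lower().endswith(".php"))
    modified = sorted(p for p in current if p in manifest and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    return unexpected_php, modified, missing

def demo():
    """Constructed sample: a clean baseline, then the two changes the advisory says to look for."""
    root = tempfile.mkdtemp()
    plugin = os.path.join(root, "wp-content", "plugins", "example-slider")  # assumed layout
    os.makedirs(plugin)
    for rel, body in {"slider.php": b"<?php // plugin entry\n", "readme.txt": b"v1\n"}.items():
        with open(os.path.join(plugin, rel), "wb") as f:
            f.write(body)
    manifest = build_manifest(root)  # baseline taken from the clean install
    with open(os.path.join(plugin, "cache.php"), "wb") as f:   # dropped PHP file
        f.write(b"<?php // not part of the clean install\n")
    with open(os.path.join(plugin, "slider.php"), "ab") as f:  # modified existing file
        f.write(b"// appended\n")
    return find_integrity_violations(root, manifest)

if __name__ == "__main__":
    unexpected, modified, missing = demo()
    print("unexpected PHP:", unexpected)
    print("modified:", modified)
    print("missing:", missing)
```

In production the manifest is taken from a fresh vendor package rather than from the live site, since a baseline captured after the compromise would whitelist the backdoor.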
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
This vulnerability is being actively leveraged by threat actors to gain persistent access. Administrators must treat this as a high-priority incident, perform a full compromise assessment, and apply the vendor-supplied security update immediately.