HackTesting
HomeArticlesTagsContact

CVE-2026-14244

The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Credits

Nabil Irawan

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd880c9-75fe-420b-ae41-558678adb57b?source=cve
https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L414
https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L506
https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L307
https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/jssor-slider.php#L128
https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/jssor-slider-dispatcher.php#L96
https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L43
Published
Jul 8, 2026 04:30:49 UTC
Updated
Jul 8, 2026 04:30:49 UTC
Reserved
Jun 30, 2026 13:48:04 UTC
  • Home
  • Contact Us
  • Recently Updated CVEs
  • Articles
  • Tags
  • RSS Feed
  • Privacy Policy
© 2026 HackTesting. All rights reserved.