CVE-2026-1405

CRITICAL EXPLOITED NUCLEI

Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload via slider_future_handle_image_upload


Exploitation Summary

CVE-2026-1405 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including XiaomingX, AnggaTechI, and Nxploited. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional exploit for CVE-2026-1405 targeting the WordPress Slider-Future plugin. It uploads a remote shell via the vulnerable endpoint `/wp-json/slider-future/v1/upload-image/` and verifies its execution by checking for a signature in the response.

Description

The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Exploits (3)

github WORKING POC 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-1405

This is a functional exploit for CVE-2026-1405 targeting WordPress Slider-Future plugin. It uploads a remote shell via the vulnerable endpoint `/wp-json/slider-future/v1/upload-image/` and verifies its execution by checking for a signature in the response.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Slider-Future plugin (version not specified)
No auth needed
Prerequisites: target URLs list · remote shell URL · optional shell signature for verification
devstral-2 · analyzed Feb 27, 2026

nomisec SCANNER 2 stars
by AnggaTechI · poc
https://github.com/AnggaTechI/Mass-Scanner-CVE-2026-1405

This repository contains a Python-based scanner for detecting CVE-2026-1405 in WordPress installations. It checks for indicators such as WordPress fingerprints, `/wp-json/` availability, and specific plugin markers to classify targets as likely or possibly vulnerable.

Classification: Scanner (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WordPress with vulnerable plugin (likely related to slider-future)
No auth needed
Prerequisites: list of target URLs · Python 3.10+ · requests and rich libraries
devstral-2 · analyzed Apr 18, 2026

nomisec WORKING POC
by Nxploited · remote-auth
https://github.com/Nxploited/CVE-2026-1405

This repository contains a functional exploit for CVE-2026-1405, targeting a WordPress Slider-Future plugin vulnerability. The exploit uploads a shell via a vulnerable endpoint and verifies its execution, demonstrating remote code execution (RCE).

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Slider-Future plugin (version not specified)
No auth needed
Prerequisites: Target WordPress site with vulnerable Slider-Future plugin · Accessible shell URL for upload · Network connectivity to target
devstral-2 · analyzed Feb 21, 2026

Nuclei Templates (1)

WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload
CRITICAL · by pussycat0x

Scores

CVSS v3 9.8
EPSS 0.2167
EPSS Percentile 95.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-04-06
CWE CWE-434
Status published
Products (1)
franchidesign/Slider Future < 1.0.5
Published Feb 19, 2026
Tracked Since Feb 19, 2026