CVE-2026-14244

HIGH

Jssor Slider by jssor.com <= 3.1.24 - Unauthenticated Arbitrary File Read via 'url' Parameter

Title source: cna
STIX 2.1

Description

The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Scores

CVSS v3 7.5
EPSS 0.0069
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
jssor/Jssor Slider by jssor.com < 3.1.24
Published Jul 08, 2026
Tracked Since Jul 08, 2026