CVSS 9.8

Slider Future plugin allows attackers to upload any file

CVE-2026-1405
Summary

The Slider Future plugin for WordPress fails to check the type of files that can be uploaded, making it possible for attackers to upload any file to your server. This could allow an attacker to take control of your site. You should update the plugin to the latest version to fix this issue.

Original title
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and inc...
Original description
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
NVD CVSS 3.1: 9.8
Vulnerability type
CWE-434 Unrestricted File Upload
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026