CVE-2026-34424: Smart Slider 3 Pro RCE
Attackers exploit CVE-2026-34424 by shipping a compromised Smart Slider 3 Pro 3.5.1.35 update that injects a remote access toolkit, giving them full site takeover without authentication. Delete the plugin and reinstall it from the official vendor.
Patch now: CVE-2026-34424 is a critical supply-chain vulnerability in Smart Slider 3 Pro 3.5.1.35. A malicious update delivers a persistent remote access toolkit that grants unauthenticated full site takeover. Complete deletion of the compromised plugin and reinstallation from the official source are required.
Overview
CVE-2026-34424 is a critical supply-chain vulnerability affecting Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla. The plugin’s update mechanism was compromised, delivering a malicious update that injected a multi-stage remote access toolkit directly into websites. This allows attackers to take full control of affected sites without any authentication.
Technical Impact
The injected toolkit gives attackers extensive capabilities. Remote shell execution can be triggered simply by sending a crafted HTTP request to the backdoor. The backdoor allows execution of arbitrary PHP code and operating system commands, creation of hidden administrator accounts, and exfiltration of sensitive data such as database credentials and API keys. The malware is designed for persistence and embeds itself in multiple locations, including WordPress must-use plugins (wp-content/mu-plugins) and the plugin's own core files, so deleting a single file or directory is not enough and manual removal is difficult.
Affected Versions
- Smart Slider 3 Pro version 3.5.1.35 for WordPress
- Smart Slider 3 Pro version 3.5.1.35 for Joomla
All other versions are not affected by this specific supply-chain compromise.
Remediation Steps
Immediate action is required for any site running the affected version.
- Complete Reinstallation: Do not simply update the plugin. First completely remove the compromised version (3.5.1.35) from your site by deleting the plugin files via your hosting control panel, SSH or FTP. Because the toolkit also drops files outside the plugin directory (see Technical Impact), inspect wp-content/mu-plugins and the rest of wp-content as well and remove anything you did not install.
- Install a Clean Version: Download the latest version of Smart Slider 3 Pro directly from the official Nextend web portal. Do not restore the plugin from site backups or cached copies taken after the malicious update was applied, as they may contain the malicious code.
- Security Audit: After reinstallation, conduct a thorough security audit. Check for and remove any administrator users you did not create, review server access logs for suspicious activity (direct requests to PHP files under wp-content, unexpected POSTs, encoded parameters), and rotate all credentials the toolkit could have exfiltrated: database passwords, WordPress salts and API keys. Consider using a security plugin to scan for remaining backdoors.
- Monitor: Closely monitor the site for unusual behavior. For ongoing threat intelligence, you can review recent incidents in our breach reports and security news.
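The audit step above, and the persistence locations named under Technical Impact, are the kind of thing worth scripting rather than eyeballing. The following is an added triage helper for a WordPress site; it is not Nextend's code and not part of the original advisory. It assumes the site owner can supply the list of administrator logins and mu-plugin files they actually created; the PHP snippets, log lines, user list and file names below are constructed for illustration and are not indicators taken from this incident. The only real tooling it relies on is the WP-CLI command `wp user list --role=administrator --format=json`, whose JSON output the admin check parses.

```python
"""Post-compromise triage helpers for a WordPress install (added example).

Not Nextend's code.  The heuristics, log lines, user list and file names are
constructed for illustration; expected admin logins and expected mu-plugin
files are assumed inputs from the site owner.  A hit is a lead for manual
review, not proof of compromise, and this script does not clean anything:
the advisory's delete-and-reinstall step still applies.
"""
import json
import re

# PHP heuristics: a dropper or shell typically pairs eval()/exec-style calls
# with a decoder and raw request input.  Legitimate plugin code rarely does.
DANGEROUS_CALLS = re.compile(
    r"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I)
OBFUSCATION = re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\s*\[", re.I)


def score_php_source(src):
    """Return the heuristic names that fire on a PHP source string ([] if clean)."""
    hits = []
    if DANGEROUS_CALLS.search(src):
        hits.append("dangerous_call")
    if OBFUSCATION.search(src):
        hits.append("obfuscation")
    # Only meaningful alongside the above: request data that can reach
    # eval()/exec() is the "crafted HTTP request" trigger the advisory describes.
    if hits and REQUEST_INPUT.search(src):
        hits.append("request_controlled")
    return hits


# Apache/nginx combined log format (only the fields we need are captured).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})')

# uploads/ and cache/ are web-server-writable and must never execute PHP;
# mu-plugins/ files are loaded by WordPress and are never requested by URL.
SUSPECT_DIRS = ("/wp-content/uploads/", "/wp-content/mu-plugins/", "/wp-content/cache/")
BASE64_PARAM = re.compile(r"=[A-Za-z0-9+/]{40,}={0,2}")


def suspicious_requests(log_lines):
    """Flag PHP hits in suspect dirs, direct POSTs to wp-content PHP files,
    and long base64-looking query values (typical of shell command wrappers)."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        file_part, _, query = m.group("path").partition("?")
        reasons = []
        if file_part.endswith(".php") and file_part.startswith(SUSPECT_DIRS):
            reasons.append("php_request_in_suspect_dir")
        # WordPress routes requests through index.php / admin-ajax.php; a POST
        # straight to a PHP file under wp-content bypasses core entirely.
        if (m.group("method") == "POST" and file_part.endswith(".php")
                and file_part.startswith("/wp-content/")):
            reasons.append("direct_post_to_wp_content_php")
        if BASE64_PARAM.search(query):
            reasons.append("base64_like_param")
        if reasons:
            flagged.append({"ip": m.group("ip"), "time": m.group("time"),
                            "path": file_part, "reasons": reasons})
    return flagged


def unexpected_admins(wp_user_list_json, expected_logins):
    """Diff `wp user list --role=administrator --format=json` output (real WP-CLI
    command) against the logins the site owner knows about."""
    users = json.loads(wp_user_list_json)
    known = set(expected_logins)
    return sorted(u["user_login"] for u in users if u["user_login"] not in known)


def unexpected_files(listing, expected):
    """Files in wp-content/mu-plugins (or a plugin dir) the owner did not install."""
    return sorted(set(listing) - set(expected))


# --- Constructed sample inputs (not real telemetry from the incident) ----------
SAMPLE_SHELL = "<?php if (isset($_POST['x'])) { eval(base64_decode($_POST['x'])); }"
SAMPLE_CLEAN = ("<?php add_action('init', function () { "
                "wp_enqueue_style('ex', plugins_url('css/a.css', __FILE__)); });")
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2026:10:01:02 +0000] "POST /wp-content/uploads/2026/05/cache.php'
    '?c=ZWNobyBzaGVsbF9leGVjKCd3aG9hbWknKTsgZWNobyBwaHB2ZXJzaW9uKCk7 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [12/May/2026:10:01:05 +0000] "GET /wp-content/plugins/example-plugin/style.css HTTP/1.1" 200 8840 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/May/2026:10:02:11 +0000] "POST /wp-content/mu-plugins/wp-helper.php HTTP/1.1" 200 77 "-" "python-requests/2.31"',
    '192.0.2.9 - - [12/May/2026:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "roles": "administrator"},
    {"ID": 57, "user_login": "wp_support_", "roles": "administrator"},
])
SAMPLE_MU_LISTING = ["index.php", "wp-helper.php"]


def triage():
    """Run every check over the sample data and return one report dict."""
    sources = {"uploads/2026/05/cache.php": SAMPLE_SHELL, "example-plugin/init.php": SAMPLE_CLEAN}
    return {
        "webshell_like": {n: h for n, h in ((n, score_php_source(s)) for n, s in sources.items()) if h},
        "requests": suspicious_requests(SAMPLE_LOG),
        "unknown_admins": unexpected_admins(SAMPLE_ADMINS, ["siteowner"]),
        "unknown_mu_plugins": unexpected_files(SAMPLE_MU_LISTING, ["index.php"]),
    }


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
```

To run it against a real site, replace the SAMPLE_* constants with the access log read from disk, the output of `wp user list --role=administrator --format=json`, an `os.listdir` of wp-content/mu-plugins, and the contents of any PHP file whose modification time postdates the 3.5.1.35 update. Treat every hit as a lead to review by hand; the absence of hits does not prove the site is clean, which is why the advisory insists on full deletion and reinstallation plus credential rotation regardless.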
Security Insight
This incident highlights the severe risk posed by compromised software update channels, a threat vector that bypasses traditional perimeter defenses because the malicious code arrives over a trusted, expected path. It mirrors the pattern of the 2021 Codecov breach, where a tampered CI/CD tool (the Bash Uploader script) was used to harvest credentials from customers' build environments. The sophistication of the injected toolkit, with its multiple persistence mechanisms, suggests the compromise was targeted and deliberate, and it raises serious questions about the security of the vendor's build and distribution infrastructure.
Related Advisories
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available ...
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc be...
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate G...
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pull...