What is CVE-2026-34424?

CVE-2026-34424 is a critical-severity vulnerability in Nextendweb Smart Slider 3 Pro For Joomla, classified under CWE-506. CVSS score: 9.8/10. Published 2026-04-09.

How severe is CVE-2026-34424?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Nextendweb Smart Slider 3 Pro For Joomla

CVE-2026-34424

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers…

EPSS: 0.003 (57.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Nextendweb Smart Slider 3 Pro For Joomla — versions 3.5.1.35, 0, 3.5.1.36
Nextendweb Smart Slider 3 Pro For Wordpress — versions 3.5.1.35, 0, 3.5.1.36

Weakness classification (CWE)

CWE-506

References

smartslider.helpscoutdocs.com/article/2144-wordpress-security-advisory-smart-sl… (vendor-advisory, patch)
smartslider.helpscoutdocs.com/article/2143-joomla-security-advisory-smart-slide… (vendor-advisory, patch)
patchstack.com/database/wordpress/plugin/nextend-smart-slider3-pro/vulnerabilit… (third-party-advisory)
patchstack.com/articles/critical-supply-chain-compromise-in-smart-slider-3-pro-… (technical-description)
mysites.guru/blog/smart-slider-3-pro-supply-chain-compromise/ (technical-description)

Frequently asked questions

What is CVE-2026-34424?: CVE-2026-34424 is a critical-severity vulnerability in Nextendweb Smart Slider 3 Pro For Joomla, classified under CWE-506. CVSS score: 9.8/10. Published 2026-04-09.
How severe is CVE-2026-34424?: Critical severity. CVSS v3 base score is 9.8 out of 10.