Update the WordPress Smart Slider 3 plugin to the latest available version (at least 18.104.22.168).
Dave Jong discovered and reported this PHP Object Injection vulnerability in WordPress Smart Slider 3 Plugin. This could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more. This could allow a malicious actor to take-over a website. This vulnerability has been fixed in version 22.214.171.124.
Auth. Stored CrossSite Scripting (XSS) vulnerability
PHP Object Injection vulnerability
Authenticated Stored CrossSite Scripting (XSS) vulnerability