Description
The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify any slider's image metadata including titles, descriptions, alt text, and links.
Published: 2026-01-14
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized modification of WordPress slider image metadata by authenticated users with Contributor or higher access
Action: Immediate Patch
AI Analysis

Impact

The Responsive Accordion Slider plugin allows the resp_accordion_silder_save_images function to be called without checking the caller's capability. An attacker who is authenticated with Contributor-level access or higher can exploit this flaw to change any slider's image titles, descriptions, alt text, and links, effectively defacing the site's content. This behavior corresponds to CWE-862 (Missing Authorization).

Affected Systems

All installations of the Responsive Accordion Slider plugin by techknowprime, up through version 1.2.2, are impacted. No newer versions are mentioned as affected.

Risk and Exploitability

The CVSS base score of 4.3 indicates moderate impact, and the EPSS of < 1% suggests a low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only that the user be logged in with Contributor or higher privileges and submit a request to the resp_accordion_silder_save_images endpoint through the admin interface.

Generated by OpenCVE AI on April 15, 2026 at 19:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Responsive Accordion Slider plugin to a version newer than 1.2.2 that includes a capability check for the resp_accordion_silder_save_images function.
  • If an update is not immediately available, remove or downgrade the Contributor role’s ability to edit or update sliders, or assign a role that lacks the capability to call the affected function.
  • Configure a security logging solution to record changes to slider metadata and alert site administrators to any unauthorized modifications.

Advisories

No advisories yet.

History

Thu, 15 Jan 2026 19:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 14 Jan 2026 11:15:00 +0000

Type: First Time appeared
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Wordpress; Wordpress wordpress

Wed, 14 Jan 2026 05:45:00 +0000

Type: Description
Values Added: The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify any slider's image metadata including titles, descriptions, alt text, and links.

Type: Title
Values Added: Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:53:34.080Z

Reserved: 2026-01-06T01:49:07.352Z

Link: CVE-2026-0635

Vulnrichment

Updated: 2026-01-15T18:31:26.852Z

NVD

Status: Deferred

Published: 2026-01-14T06:15:55.047

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-0635

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T19:15:12Z
