Impact
The vulnerability allows an authenticated attacker with administrator-level access to bypass directory boundaries and read arbitrary files on the server. By exploiting the replaceHTMLImage function, an attacker can supply crafted values for the 'src' or 'srcset' attributes in the HTML export feature, causing the plugin to resolve file paths outside the intended directory. This results in disclosure of sensitive data such as configuration files, credentials, or other private files, potentially leading to further compromise.
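A containment check for this class of bug, as an added example that is not the plugin's code or its actual fix: each `src` and `srcset` reference is canonicalized and accepted only if it still resolves under the intended image directory. The function names, directory layout and sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not Smart Slider 3 code; all function names are hypothetical.

// Pull the URL part out of each srcset candidate ("a.png 1x, b.png 2x").
// Simplified: assumes the URLs themselves contain no commas.
function srcset_urls(string $srcset): array {
    $urls = [];
    foreach (explode(',', $srcset) as $candidate) {
        $parts = preg_split('/\s+/', trim($candidate));
        if ($parts[0] !== '') {
            $urls[] = $parts[0];
        }
    }
    return $urls;
}

// Return the canonical path if $ref stays inside $baseDir, otherwise null.
function resolve_inside(string $baseDir, string $ref): ?string {
    $base = realpath($baseDir);
    $ref = rawurldecode($ref);              // judge "%2e%2e/" as "../"
    if ($base === false || strpos($ref, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", duplicate slashes and symlinks before the comparison.
    $real = realpath($base . DIRECTORY_SEPARATOR . $ref);
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;                        // missing file or outside the base
    }
    return $real;
}

// Constructed sample: an image directory plus one file that sits outside it.
$root = sys_get_temp_dir() . '/export_demo_' . getmypid();
mkdir($root . '/images', 0700, true);
file_put_contents($root . '/images/slide.png', 'img');
file_put_contents($root . '/secret.txt', 'outside');

$src    = 'slide.png';
$srcset = 'slide.png 1x, ../secret.txt 2x, %2e%2e/secret.txt 3x';
foreach (array_merge([$src], srcset_urls($srcset)) as $ref) {
    $path = resolve_inside($root . '/images', $ref);
    printf("%-20s %s\n", $ref, $path === null ? 'rejected' : 'allowed');
}

unlink($root . '/images/slide.png');
unlink($root . '/secret.txt');
rmdir($root . '/images');
rmdir($root);
```

The comparison uses the base path with a trailing separator so that a sibling directory sharing the same name prefix is not treated as inside the base.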
Affected Systems
The Smart Slider 3 plugin for WordPress is affected in all versions up to and including 3.5.1.36. Sites running any of those versions are at risk from users who hold administrative privileges. The vulnerability is specific to the plugin provided by Nextendweb and does not extend to other WordPress components.
Risk and Exploitability
The CVSS score is 4.9, indicating moderate severity. No EPSS score is available, so the likelihood of public exploitation cannot be quantified, and this vulnerability is not listed in the CISA KEV catalog. Exploitation requires a user with Administrator or higher privileges, so anonymous outsiders cannot leverage it. Given the moderate impact, the risk is lower for an organization that manages its administrative accounts effectively, but the potential for sensitive data exposure warrants timely remediation.