PatchSiren cyber security CVE debrief
CVE-2026-39465 MetaSlider CVE debrief
A critical vulnerability, CVE-2026-39465, was discovered in the Responsive Slider by MetaSlider plugin for WordPress, version 3.106.0 and earlier. This vulnerability allows for remote code execution (RCE) and has a CVSS score of 9.1, indicating a high severity level. The vulnerability was published on June 15, 2026, and last modified on the same day.
- Vendor
- MetaSlider
- Product
- Responsive Slider by MetaSlider
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of the Responsive Slider by MetaSlider plugin for WordPress should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability is caused by a weakness in the plugin's code, allowing an attacker to execute arbitrary code remotely. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Update the Responsive Slider by MetaSlider plugin to a version that is not vulnerable.
- Refer to the vendor's documentation and security advisories for more information on mitigating this vulnerability.
Evidence notes
The vulnerability was reported by Patchstack, a security research firm.
Official resources
-
CVE-2026-39465 CVE record
CVE.org
-
CVE-2026-39465 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39465 was published on 2026-06-15T21:16:43.480Z and last modified on 2026-06-15T21:24:32.790Z.