CVE-2026-1634
📋 TL;DR
This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Subitem AL Slider plugin. When users click specially crafted links, their browsers execute attacker-controlled JavaScript, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using Subitem AL Slider version 1.0.0 or earlier are affected.
💻 Affected Systems
- WordPress Subitem AL Slider plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full control of WordPress site, install backdoors, deface website, or redirect visitors to malware distribution sites.
Likely Case
Attackers steal user session cookies, perform actions on behalf of users, or redirect users to phishing pages to steal credentials.
If Mitigated
With proper Content Security Policy headers and modern browser XSS protections, script execution may be blocked, limiting impact to failed injection attempts.
🎯 Exploit Status
Reflected XSS vulnerabilities are commonly weaponized in phishing campaigns. Attack requires user interaction (clicking malicious link).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.1 or later
Vendor Advisory: https://wordpress.org/plugins/subitem-al-slider/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Subitem AL Slider. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and delete plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable plugin
allDeactivate and remove the Subitem AL Slider plugin until patched version is available
wp plugin deactivate subitem-al-slider
wp plugin delete subitem-al-slider
Implement WAF rules
allAdd web application firewall rules to block requests containing malicious script patterns in PHP_SELF parameter
🧯 If You Can't Patch
- Implement Content Security Policy headers to restrict script execution
- Use browser security extensions that block reflected XSS attacks
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for Subitem AL Slider version 1.0.0 or earlierCheck Version:
wp plugin get subitem-al-slider --field=versionVerify Fix Applied:
Verify plugin version is 1.0.1 or later, or confirm plugin is removed from installed plugins list📡 Detection & Monitoring
Log Indicators:
- HTTP requests with suspicious script tags in PHP_SELF parameter
- Multiple failed XSS attempts from same IP
Network Indicators:
- Outbound connections to suspicious domains after clicking plugin-related links
- Unusual JavaScript execution patterns
SIEM Query:
web_requests WHERE url CONTAINS 'PHP_SELF' AND (url CONTAINS '<script' OR url CONTAINS 'javascript:' OR url CONTAINS 'onload=' OR url CONTAINS 'onerror=')🔗 References
- https://plugins.trac.wordpress.org/browser/subitem-al-slider/tags/1.0.0/templates/tab1_block1.tpl#L11
- https://plugins.trac.wordpress.org/browser/subitem-al-slider/trunk/templates/tab1_block1.tpl#L11
- https://wordpress.org/plugins/subitem-al-slider/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4bfeff72-27de-46a9-b947-f60255b5d062?source=cve
