A vulnerability was found in nextendweb Smart Slider 3 Plugin up to 3.5.1.36 on WordPress and classified as critical . Impacted is the function replaceHTMLImage . Such manipulation leads to path traversal. This vulnerability is traded as CVE-2026-9197 . The attack may be launched remotely. There is no exploit available.