Fwd: Security alert + WordPress 7.0 is two weeks away


Dorothy Firsching

Mar 26, 2026, 3:34:53 PM
to novaj...@googlegroups.com


---------- Forwarded message ---------
From: Phil Taylor <ph...@phil-taylor.com>
Date: Thu, Mar 26, 2026 at 3:21 PM
Subject: Security alert + WordPress 7.0 is two weeks away
To: <dfirs...@acm.org>


Smart Slider 3 vulnerability affects 800K WordPress sites, plus WordPress 7.0 compatibility, Joomla TinyMCE fix, and new diagnostic tools
mySites.guru Blog

Smart Slider 3 vulnerability, WordPress 7.0 prep, and Joomla fixes

Bad week for Smart Slider 3. A vulnerability disclosed this week lets any registered user on your site - even a basic subscriber - download your wp-config.php and every other file the web server can read. Over 800,000 WordPress sites are affected, and the same vulnerable code ships in the Joomla version too. If you run Smart Slider 3, update to version 3.5.1.34 now.

On the WordPress side, version 7.0 lands April 9 with new minimum requirements: PHP 7.4 and MySQL 8.0. Sites on older versions will not get the auto-update. Good time to check your portfolio.

For Joomla, Firefox 148 broke the TinyMCE editor across every version, and there's a new post on detecting locked scheduled tasks before they cause problems. Plus a guide explaining the difference between snapshots and audits in mySites.guru.

All guides are free to read on the blog

 

Security

Smart Slider 3 lets any subscriber download your wp-config.php

Smart Slider 3 Arbitrary File Read Vulnerability

CVE-2026-3098 is an arbitrary file read vulnerability affecting all Smart Slider 3 versions up to 3.5.1.33. The slider export function lacks proper capability checks, so anyone with a subscriber account can download any file from your server. That includes database credentials, authentication keys, and anything else the web server can read. The Joomla version shares the same vulnerable code. Update to 3.5.1.34, then regenerate your salts and change your database password.


From the blog

WordPress 7.0 Requirements

How to Check Your Sites for WordPress 7.0 Compatibility

Fix Joomla TinyMCE in Firefox 148

Joomla TinyMCE Editor Broken in Firefox 148 - How to Fix It

Detect Locked Joomla Scheduled Tasks

Detect Locked Joomla Scheduled Tasks Before They Cause Problems

Snapshot vs Audit: What's the Difference?

