← Back to Blog
Research 13 min read March 30, 2026

Smart Slider WordPress Flaw Exposes 800K Sites, LangChain AI Framework Triple Vulnerability Leaks Secrets, TeamPCP Telnyx WAV Steganography Attack Escalates, CISA PTC Windchill Alert Mobilizes German Police, Hightower Breach Hits 130K

A critical file-read vulnerability in the Smart Slider 3 WordPress plugin exposes 800,000 websites to credential theft. Three newly disclosed LangChain and LangGraph flaws threaten AI enterprise deployments with file exfiltration and SQL injection. TeamPCP escalates its supply chain campaign by backdooring the Telnyx PyPI package with WAV steganography. CISA flags a critical PTC Windchill vulnerability that prompted German police to physically warn organizations. Hightower Holding data breach exposes SSNs and driver's licenses of 130,000 individuals.


1. Smart Slider 3 WordPress Plugin Flaw Exposes 800,000 Websites to Credential Theft

⚠️ CRITICAL — CVE-2026-3098: Arbitrary File Read in Smart Slider 3 (800K+ Active Installs)

A medium-severity vulnerability in Smart Slider 3 (versions through 3.5.1.33) allows any authenticated user — including subscribers — to read arbitrary server files such as wp-config.php. Patch to version 3.5.1.34 immediately.

A vulnerability in one of WordPress's most popular slider plugins has put hundreds of thousands of websites at risk of complete takeover. The flaw, tracked as CVE-2026-3098, affects Smart Slider 3 — a drag-and-drop content carousel plugin active on more than 800,000 WordPress installations.

Discovered by researcher Dmitrii Ignatyev and validated by Wordfence, the vulnerability stems from missing capability checks in the plugin's AJAX export actions. The actionExportAll function lacks file type and source validation, allowing any authenticated user — even those with the lowest "subscriber" role — to read arbitrary files from the server.

Why This Is Worse Than It Sounds

While CVE-2026-3098 received a "medium" severity rating because it requires authentication, the practical impact is devastating for the millions of WordPress sites that offer user registration or membership features:

"This ultimately makes it possible for authenticated attackers with minimal access, like subscribers, to read any arbitrary file on the server, including the site's wp-config.php file," said István Márton, vulnerability researcher at Defiant.

Patch Status

Nextendweb acknowledged the report on March 2 and delivered a fix with Smart Slider version 3.5.1.34 on March 24. The vulnerability is not flagged as actively exploited yet, but the window for mass exploitation is open.

KENSAI Perspective

WordPress plugin vulnerabilities remain one of the most reliable attack vectors on the internet. With 800,000 installations and a low exploitation barrier, CVE-2026-3098 is a prime target for automated scanners. KENSAI's web application scanning identifies outdated plugins and known CVEs across your web infrastructure — catching exactly these kinds of low-hanging-fruit vulnerabilities before attackers exploit them at scale.


2. LangChain & LangGraph Triple Vulnerability Threatens AI Enterprise Deployments

⚠️ HIGH — Three Critical Flaws in LangChain/LangGraph: Path Traversal, Deserialization, SQL Injection

CVE-2026-34070 (CVSS 7.5), CVE-2025-68664 (CVSS 9.3), and CVE-2025-67644 (CVSS 7.3) expose filesystem data, API keys, and conversation histories in the world's most popular AI development frameworks. Patch immediately.

Three security vulnerabilities in LangChain and LangGraph — the dominant open-source frameworks for building LLM-powered applications — could expose enterprise data across three independent attack paths. With combined weekly downloads exceeding 84 million on PyPI, the blast radius is enormous.

The Triple Threat

The Ripple Effect

"LangChain doesn't exist in isolation. It sits at the center of a massive dependency web that stretches across the AI stack," Cyera warned. "When a vulnerability exists in LangChain's core, it doesn't just affect direct users. It ripples outward through every downstream library, every wrapper, every integration that inherits the vulnerable code path."

This is not theoretical. Days earlier, a critical Langflow vulnerability (CVE-2026-33017, CVSS 9.3) came under active exploitation within 20 hours of disclosure, demonstrating how quickly attackers move to weaponize AI framework flaws.

Patched Versions

CVEComponentFixed Version
CVE-2026-34070langchain-core≥ 1.2.22
CVE-2025-68664langchain-core0.3.81 / 1.2.5
CVE-2025-67644langgraph-checkpoint-sqlite3.0.1

KENSAI Perspective

AI frameworks are becoming critical infrastructure, yet they carry the same classic vulnerability classes — path traversal, deserialization, SQL injection — that have plagued web applications for decades. The difference: AI frameworks process sensitive prompts, API keys, and conversation data that represent a new tier of valuable targets. KENSAI's dependency scanning helps organizations identify vulnerable versions of LangChain and other critical packages before attackers do.


3. TeamPCP Backdoors Telnyx PyPI Package with WAV Steganography

⚠️ CRITICAL — Supply Chain Attack: Telnyx PyPI Versions 4.87.1 & 4.87.2 Backdoored

TeamPCP compromised the official Telnyx Python SDK on PyPI, hiding credential-stealing malware inside WAV audio files. Downgrade to 4.87.0 immediately. The package is currently quarantined.

The prolific supply chain threat actor TeamPCP has struck again — this time compromising the official Telnyx Python SDK on PyPI, a package with over 740,000 monthly downloads used by developers to integrate VoIP, SMS, and IoT services.

The attack follows TeamPCP's previous compromises of Trivy, KICS, and LiteLLM, establishing the group as the most active supply chain threat actor of 2026.

The WAV Steganography Technique

What makes this attack particularly sophisticated is the use of audio steganography to evade detection:

On Windows, the attack drops a persistent executable (msbuild.exe) in the Startup folder for reboot survival. On Linux/macOS, the entire chain operates within a self-destructing temporary directory, leaving near-zero forensic artifacts.

How Credentials Were Stolen

"We believe the most likely vector is the litellm compromise itself," Endor Labs researchers explained. "TeamPCP's harvester swept environment variables, .env files, and shell histories from every system that imported litellm. If any developer or CI pipeline had both litellm installed and access to the telnyx PyPI token, that token was already in TeamPCP's hands."

KENSAI Perspective

The cascading nature of supply chain attacks is the defining security challenge of 2026. A single compromised package leads to stolen credentials, which lead to more compromised packages, in an accelerating spiral. KENSAI's continuous monitoring identifies supply chain exposure across your dependency tree — from direct imports to transitive dependencies three or four levels deep.


4. CISA Flags Critical PTC Windchill Vulnerability — German Police Mobilized

⚠️ HIGH — CVE-2026-4681: Critical PTC Windchill Flaw Prompted Physical Police Warnings

CISA has added CVE-2026-4681, a critical vulnerability in PTC's Windchill product lifecycle management software, to its Known Exploited Vulnerabilities catalog. The severity was underscored by German police physically visiting organizations to warn them.

In an extraordinarily rare measure, German police physically visited organizations to warn them about a critical vulnerability in PTC's Windchill product lifecycle management (PLM) software — a system widely used in manufacturing, automotive, aerospace, and defense industries to manage product data and engineering processes.

The vulnerability, tracked as CVE-2026-4681, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. While specific technical details remain restricted to prevent further exploitation, the coordinated response from both American and German authorities signals the severity:

KENSAI Perspective

When police show up at your door to warn about a vulnerability, the severity speaks for itself. PLM systems like Windchill often sit in network segments that receive less security scrutiny than customer-facing applications, yet they contain some of an organization's most valuable intellectual property. KENSAI's infrastructure scanning identifies exposed management interfaces and unpatched enterprise software — including the industrial and PLM systems that traditional web scanners overlook.


5. Hightower Holding Data Breach Exposes 130,000 Individuals

Financial holdings company Hightower Holding has disclosed a data breach affecting approximately 130,000 individuals. The compromised data includes names, Social Security numbers, and driver's license numbers — a particularly toxic combination for identity theft and financial fraud.

What Was Exposed

The combination of SSNs and driver's license numbers enables attackers to open fraudulent accounts, file false tax returns, and conduct identity theft that can take victims years to resolve. For a financial holdings company, the breach also raises questions about the security of investment and account data that may have been in the same environment.

KENSAI Perspective

Financial services organizations hold some of the most sensitive personal data in any industry. The Hightower breach reinforces why continuous security testing is not optional for companies handling PII at scale. KENSAI's automated penetration testing identifies the network exposure, misconfigured access controls, and vulnerable services that enable breaches of this magnitude — before they result in 130,000 notification letters.


Daily Research & Product Summary

DevelopmentImpactTypeAction Required
Smart Slider 3 WordPress CVE-2026-3098CRITICALVulnerabilityUpdate to v3.5.1.34 immediately
LangChain/LangGraph Triple VulnerabilityCRITICALVulnerabilityUpdate langchain-core & langgraph
TeamPCP Telnyx PyPI BackdoorCRITICALSupply ChainDowngrade to Telnyx 4.87.0
CISA PTC Windchill CVE-2026-4681HIGHVulnerabilityPatch Windchill & audit PLM access
Hightower Holding Breach — 130KMEDIUMData BreachMonitor for identity theft exposure

AI Frameworks and WordPress Plugins Under Fire. Is Your Stack Secure?

When critical vulnerabilities hit the tools developers trust most, your attack surface expands overnight. KENSAI's continuous penetration testing finds the flaws before attackers weaponize them.

Start Your Free Security Scan →

Published by the KENSAI Research & Threat Intelligence Team
Research & Product Intelligence Roundup — March 30, 2026
Read more briefings →

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →

Related Articles

伊朗关联黑客攻击波兰核研究中心,FBI调查Steam恶意软件游戏,Google支付1700万美元漏洞赏 Redirecting... Gefälschte VS-Code-Warnungen greifen GitHub an, Niederländische Polizei gehackt,