{"id":273,"date":"2026-03-28T14:51:34","date_gmt":"2026-03-28T13:51:34","guid":{"rendered":"https:\/\/masterymesh.com\/blog\/?p=273"},"modified":"2026-03-28T14:51:49","modified_gmt":"2026-03-28T13:51:49","slug":"smart-slider-3-ranjivost-wordpress","status":"publish","type":"post","link":"https:\/\/masterymesh.com\/blog\/wordpress-tips\/smart-slider-3-ranjivost-wordpress\/","title":{"rendered":"Smart Slider 3 security issue (2026) \u2013 How to protect WordPress"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The security of WordPress websites is back in focus after the discovery of a serious vulnerability in the popular Smart Slider 3 plugin. The vulnerability affects more than 800,000 active installations and lets attackers access sensitive data on the server.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you use WordPress and this plugin, your site may be at risk \u2013 even without complex attacks. In this article we explain what happened, how dangerous it is, and how you can protect yourself right away.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Contents<\/h2><nav><ul><li class=\"\"><a href=\"#sto-je-problem-sa-smart-slider-3\">What is the problem with Smart Slider 3?<\/a><\/li><li class=\"\"><a href=\"#koliko-je-ovo-ozbiljno\">How serious is this?<\/a><\/li><li class=\"\"><a href=\"#kako-je-ranjivost-otkrivena\">How was the vulnerability discovered?<\/a><\/li><li class=\"\"><a href=\"#timeline-dogadaja\">Timeline of events<\/a><\/li><li class=\"\"><a href=\"#kako-se-zastititi-odmah\">How to protect yourself right away<\/a><ul><li class=\"\"><a href=\"#\u2705-1-azuriraj-plugin\">\u2705 1. Update the plugin<\/a><\/li><li class=\"\"><a href=\"#\u2705-2-provjeri-korisnicke-racune\">\u2705 2. Check user accounts<\/a><\/li><li class=\"\"><a href=\"#\u2705-3-instaliraj-sigurnosni-plugin\">\u2705 3. 
Install a security plugin<\/a><\/li><li class=\"\"><a href=\"#\u2705-4-ogranici-pristup-datotekama\">\u2705 4. Restrict file access<\/a><\/li><li class=\"\"><a href=\"#\u2705-5-redovito-radi-backup\">\u2705 5. Back up regularly<\/a><\/li><\/ul><\/li><li class=\"\"><a href=\"#kako-mastery-mesh-rjesava-ovakve-probleme\">How MasteryMesh handles problems like this<\/a><\/li><li class=\"\"><a href=\"#zakljucak\">Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"sto-je-problem-sa-smart-slider-3\">What is the problem with Smart Slider 3?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This is a so-called <strong>\u201cArbitrary File Read\u201d vulnerability<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This means an attacker can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>access files on the server<\/li>\n\n\n\n<li>read sensitive information<\/li>\n\n\n\n<li>potentially compromise the entire website<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Important:<br>The attack requires the user to have at least <strong>subscriber-level access<\/strong> or higher.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"koliko-je-ovo-ozbiljno\">How serious is this?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Very serious.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udd34 <strong>800,000+ WordPress sites are affected<\/strong><br>\ud83d\udd34 Possible leak of sensitive data<br>\ud83d\udd34 The attack is relatively simple if a user account exists<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Examples of data that may be exposed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>wp-config.php (database passwords)<\/li>\n\n\n\n<li>API keys<\/li>\n\n\n\n<li>user 
data<\/li>\n\n\n\n<li>backup files<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"kako-je-ranjivost-otkrivena\">How was the vulnerability discovered?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The vulnerability was discovered by security researcher <strong>Dmitrii Ignatyev<\/strong> through the Wordfence Bug Bounty program.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For this discovery he received a bounty of:<br>\ud83d\udc49 <strong>$2,208 USD<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This shows how actively the WordPress ecosystem is monitored \u2013 but also how often plugins are a target of attacks.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"timeline-dogadaja\">Timeline of events<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\ud83d\udcc5 23.02.2026 \u2013 Vulnerability reported<\/li>\n\n\n\n<li>\ud83d\udcc5 24.02.2026 \u2013 Developer (Nextend) notified<\/li>\n\n\n\n<li>\ud83d\udcc5 24.02.2026 \u2013 Wordfence rolls out protection for premium users<\/li>\n\n\n\n<li>\ud83d\udcc5 24.03.2026 \u2013 Official patch released<\/li>\n\n\n\n<li>\ud83d\udcc5 26.03.2026 \u2013 Protection also available to free users<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"kako-se-zastititi-odmah\">How to protect yourself right away<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you use Smart Slider 3, do this right away:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"\u2705-1-azuriraj-plugin\">\u2705 1. 
Update the plugin<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Install version:<br>\ud83d\udc49 <strong>3.5.1.34 or later<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"\u2705-2-provjeri-korisnicke-racune\">\u2705 2. 
Check user accounts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>remove unknown users<\/li>\n\n\n\n<li>restrict subscriber registrations<\/li>\n\n\n\n<li>use strong passwords<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"\u2705-3-instaliraj-sigurnosni-plugin\">\u2705 3. Install a security plugin<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Recommendations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Wordfence<\/li>\n\n\n\n<li>Sucuri<\/li>\n\n\n\n<li>iThemes Security<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"\u2705-4-ogranici-pristup-datotekama\">\u2705 4. Restrict file access<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>protect wp-config.php<\/li>\n\n\n\n<li>use correct file permissions<\/li>\n\n\n\n<li>disable directory listing<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"\u2705-5-redovito-radi-backup\">\u2705 5. 
Back up regularly<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>daily backups (ideally offsite)<\/li>\n\n\n\n<li>test the restore<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"kako-mastery-mesh-rjesava-ovakve-probleme\">How MasteryMesh handles problems like this<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In MasteryMesh projects we implement:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udd10 automatic security updates<br>\ud83d\udd10 vulnerability monitoring<br>\ud83d\udd10 a firewall and brute-force protection<br>\ud83d\udd10 security audit processes<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Our goal is for clients to <strong>never have to worry about problems like this<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"zakljucak\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Smart Slider 3 vulnerability is yet another reminder:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\ud83d\udc49 WordPress is powerful, but it requires regular maintenance<br>\ud83d\udc49 Plugins are the most common security hole<br>\ud83d\udc49 A single missed update can put the entire business at risk<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you use this plugin \u2013 update right away.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you are not sure about the security of your website, it is best to have a <strong><a href=\"\/kontakt\">security audit<\/a><\/strong> done as soon as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The security of WordPress websites is back in focus after the discovery of a serious vulnerability in the popular 
plugin&#8230;<\/p>\n","protected":false},"author":1,"featured_media":279,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[3],"tags":[],"class_list":["post-273","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress-tips"],"_links":{"self":[{"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/posts\/273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/comments?post=273"}],"version-history":[{"count":2,"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/posts\/273\/revisions"}],"predecessor-version":[{"id":280,"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/posts\/273\/revisions\/280"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/media\/279"}],"wp:attachment":[{"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/media?parent=273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/categories?post=273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/masterymesh.com\/blog\/wp-json\/wp\/v2\/tags?post=273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}