CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/20 9:28 a.m.•10 views

CVE-2026-6728

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/20 9:28 a.m.•7 views

CVE-2026-6728 Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'

CNNVD•added 2026/05/20 12:0 a.m.•5 views

WordPress plugin Slider Revolution 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

Exploits0References1

PT-2026-42137

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get stream data' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page,...

Patchstack•added 2026/05/19 8:43 p.m.•4 views

Exploits0References3

WordPress Slider Revolution plugin <= 7.0.9 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Nos1x0 in WordPress Plugin Slider Revolution versions = 7.0.9...

Patchstack•added 2026/05/07 9:46 a.m.•11 views

WordPress Slider Revolution plugin 7.0.0-7.0.10 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

WordPress Slider Revolution plugin 7.0.0-7.0.10 - 7.0.10 - Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin Slider Revolution versions 7.0.0-7.0.10...

8.8CVSS5.8AI score0.00107EPSS

CVE•added 2026/05/07 4:27 a.m.•12 views

CVE-2026-6692

The connected Wordfence report confirms CVE-2026-6692 affects Slider Revolution for WordPress (versions 7.0.0–7.0.10). The root cause is insufficient file type validation in the _get_media_url/_check_file_path flow, allowing an authenticated subscriber+ to upload arbitrary files (including PHP) i...

8.8CVSS6.4AI score0.00107EPSS

In wildExploits0References2

Cvelist•added 2026/05/07 4:27 a.m.•55 views

CVE-2026-6692 Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS0.00107EPSS

ATTACKERKB•added 2026/05/07 4:27 a.m.•5 views

CVE-2026-6692

8.8CVSS6.4AI score0.00107EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/05/07 12:0 a.m.•6 views

WordPress plugin Slider Revolution 代码问题漏洞

8.8CVSS6.3AI score0.00107EPSS

Exploits0References1

Patchstack•added 2026/02/02 12:19 p.m.•5 views

WordPress Slider Revolution plugin <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions = 6.7.10...

6.4CVSS5.3AI score0.00311EPSS

Patchstack•added 2025/10/09 10:16 p.m.•17 views

WordPress Slider Revolution plugin <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions = 6.7.37...

6.5CVSS6.8AI score0.0008EPSS

NVD•added 2025/10/09 12:15 p.m.•2 views

CVE-2025-10249

The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above...

6.5CVSS0.0008EPSS

Cvelist•added 2025/10/09 11:20 a.m.•8 views

CVE-2025-10249 Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read

6.5CVSS0.0008EPSS

EUVD•added 2025/10/09 11:20 a.m.•3 views

EUVD-2025-33332

6.5CVSS4.8AI score0.0008EPSS

Exploits0References3

Positive Technologies•added 2025/10/09 12:0 a.m.•3 views

PT-2025-41371

Name of the Vulnerable Software and Affected Versions Slider Revolution plugin for WordPress versions prior to 6.7.38 Description The Slider Revolution plugin for WordPress is susceptible to unauthorized access and modification of data because of a missing capability check on several functions...

6.5CVSS6AI score0.0008EPSS

Exploits0References7

CNNVD•added 2025/10/09 12:0 a.m.•1 views

WordPress plugin Slider Revolution 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

6.5CVSS6.3AI score0.0008EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-26172

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00111EPSS