18 matches found
CVE-2026-7542
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leaks a valid backend AJAX nonce (revslideractions) to all authenticated users, including Subscribers, via t...
WordPress Slider Revolution plugin 7.0-7.0.10 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Luc Huynh from Noventiq RedTeam - Noventiq Vietnam in WordPress Plugin Slider Revolution versions 7.0-7.0.10...
EUVD-2026-33850
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-9050
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
EUVD-2026-28321
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' functions. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2026-6692 Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the 'getmediaurl' and 'checkfilepath' functions. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and...
EUVD-2023-33850
Malicious code in bioql PyPI...
CVE-2023-2359
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations...
The vulnerability in the Slider Revolution plugin for the WordPress content management system, related to the unrestricted upload of dangerous files, allows an attacker to upload files of any type.
The vulnerability of the Slider Revolution plugin for WordPress content management systems is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to write arbitrary files...
WordPress Slider Revolution Plugin < 6.7.11 is vulnerable to Cross Site Scripting (XSS)
Software: Slider Revolution; Type: Plugin; Vulnerable versions: < 6.7.11; Fixed in: 6.7.11; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34443; Patch priority: Low; CVSS severity: Low (5.9); Developer: ThemePunch; PSID: 5d432eb3f5ab; Credits: Rafie Muhammad Patchstack; Required...
WordPress Slider Revolution Plugin <= 6.6.20 is vulnerable to Cross Site Scripting (XSS)
Software: Slider Revolution; Type: Plugin; Vulnerable versions: <= 6.6.20; Fixed in: 6.7.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2306; Patch priority: Low; CVSS severity: Low (5.9); Developer: ThemePunch; PSID: 25a221b7c033; Credits: wesley wcraft Nikolas - md...
PT-2024-14995 · WordPress · Slider Revolution
Name of the Vulnerable Software and Affected Versions: Slider Revolution WordPress plugin versions prior to 6.6.19. Description: The issue allows users with at least the Author role to unserialize arbitrary content when importing sliders, potentially leading to Remote Code Execution...
WordPress Plugin Slider Revolution Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2023-28622
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin = 1.0.0 versions...
CVE-2023-2359
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations...
Revolution Slider <= 6.6.12 - Author+ Remote Code Execution
The plugin does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow...
WordPress Slider Revolution Plugin Directory Traversal Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language. The platform supports personal blog sites set up on servers with PHP and MySQL. Slider Revolution (revslider) is one of its slideshow plugins. A directory traversal vulnerability exists in...
VulnCheck KEV: CVE-2014-9735
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an...