Lucene search
+L
ThemepunchSlider Revolution

14 matches found

CVE
CVE
added 2023/06/19 10:52 a.m.1771 views

CVE-2023-2359

CVE-2023-2359 affects the Slider Revolution WordPress plugin up to version 6.6.12. The vulnerability arises from not validating image files on import, enabling an arbitrary file upload that may lead to Remote Code Execution in certain server configurations. Affected component: Slider Revolution p...

8.8CVSS8.9AI score0.0254EPSS
In wildWeb
CVE
CVE
added 2023/12/20 6:29 p.m.574 views

CVE-2023-47784

CVE-2023-47784 affects the WordPress Slider Revolution Plugin (ThemePunch)

8.8CVSS8.5AI score0.0069EPSS
In wild
CVE
CVE
added 2024/06/19 2:57 p.m.402 views

CVE-2024-34444

CVE-2024-34444 is a Missing Authorization vulnerability affecting the WordPress plugin Slider Revolution by ThemePunch OHG (prior to version 6.7.0). The underlying issue is lack of authorization checks in the init_rest_api function, enabling unauthenticated modification of slider data. Public sou...

8.8CVSS5.1AI score0.00329EPSS
CVE
CVE
added 2024/01/08 7:0 p.m.346 views

CVE-2023-6528

The CVE-2023-6528 entry concerns the Slider Revolution WordPress plugin (prior to 6.6.19). Technical details across connected docs show that users with at least the Author role can unserialize arbitrary content when importing sliders, potentially enabling Remote Code Execution (RCE). Affected ver...

8.8CVSS8.8AI score0.0137EPSS
CVE
CVE
added 2024/06/04 9:31 a.m.188 views

CVE-2024-4637

Slider Revolution for WordPress (revslider) versions up to and including 6.7.10 are affected by a stored XSS due to insufficient input sanitization and output escaping on Elementor wrapperid and zindex attributes. Exploitation requires authenticated access (Contributor+). Patch/mitigation exists ...

6.4CVSS5.9AI score0.00263EPSS
CVE
CVE
added 2015/06/30 2:0 p.m.169 views

CVE-2014-9735

The CVE-2014-9735 issue affects WordPress ThemePunch Slider Revolution (RevSlider) before 3.0.96 and Showbiz Pro plugin 1.7.1 and earlier. The root cause is improper restriction of administrator AJAX functionality, enabling unauthenticated remote code execution via file upload and manipulation ac...

7.5CVSS7.5AI score0.75256EPSS
Web
CVE
CVE
added 2015/06/30 2:0 p.m.145 views

CVE-2014-9734

CVE-2014-9734 describes a directory traversal vulnerability in the WordPress plugin for Slider Revolution (revslider) prior to 4.2. An attacker can cause a revslider_show_image action to wp-admin/admin-ajax.php with a .. in the img parameter to read arbitrary server files. Affected: Slider Revolu...

5CVSS9AI score0.20631EPSS
Web
CVE
CVE
added 2023/11/20 2:23 p.m.97 views

CVE-2023-47772

CVE-2023-47772 affects the WordPress plugin Slider Revolution (revslider) up to version 6.6.14 . The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization/output escaping in authenticated scenarios (Contributor+). Public exploitation details are not ...

6.5CVSS5.6AI score0.00386EPSS
CVE
CVE
added 2024/10/01 6:39 a.m.96 views

CVE-2024-8107

CVE-2024-8107 : Slider Revolution for WordPress (versions

6.4CVSS5.6AI score0.00304EPSS
CVE
CVE
added 2024/06/19 2:53 p.m.92 views

CVE-2024-34443

CVE-2024-34443 describes a Stored XSS in the WordPress Slider Revolution plugin (revslider) from ThemePunch OHG, affected before version 6.7.11. Public sources (NVD, Red Hat) confirm the vulnerability is due to Improper Neutralization of Input During Web Page Generation. The remediation is to upg...

5.9CVSS5.2AI score0.00283EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.80 views

CVE-2024-4092

CVE-2024-4092 affects Slider Revolution (revslider) for WordPress. It is a Stored XSS via the htmltag parameter in all versions up to 6.7.7. Exploitation is possible by authenticated users (administrators; authors if enabled) and can affect pages viewed by other users. The CVE entry is marked as ...

6.4CVSS5.7AI score0.00423EPSS
CVE
CVE
added 2015/06/30 2:0 p.m.69 views

CVE-2015-5151

CVE-2015-5151 affects the WordPress Slider Revolution (Revslider) plugin version 4.2.2. The vulnerability stems from inadequate validation/filtering of the client_action parameter in the revslider_ajax_action action called by wp-admin/admin-ajax.php, allowing remote attackers to inject arbitrary ...

4.3CVSS6AI score0.01693EPSS
Web
CVE
CVE
added 2024/07/21 10:14 p.m.63 views

CVE-2024-37449

CVE-2024-37449 is an XSS flaw in Slider Revolution (ThemePunch OHG) for WordPress, tracked as

5.9CVSS5.2AI score0.0026EPSS
CVE
CVE
added 2024/06/04 8:31 a.m.59 views

CVE-2024-4581

CVE-2024-4581 affects the Slider Revolution WordPress plugin (versions up to and including 6.7.11). The vulnerability is a Stored XSS in the Add Layer widget caused by insufficient input sanitization and output escaping for user-supplied class, id, and title attributes. Exploitation requires an A...

6.4CVSS5.9AI score0.00279EPSS