14 matches found
CVE-2023-2359
CVE-2023-2359 affects the Slider Revolution WordPress plugin up to version 6.6.12. The vulnerability arises from not validating image files on import, enabling an arbitrary file upload that may lead to Remote Code Execution in certain server configurations. Affected component: Slider Revolution p...
CVE-2023-47784
CVE-2023-47784 affects the WordPress Slider Revolution Plugin (ThemePunch)
CVE-2024-34444
CVE-2024-34444 is a Missing Authorization vulnerability affecting the WordPress plugin Slider Revolution by ThemePunch OHG (prior to version 6.7.0). The underlying issue is lack of authorization checks in the init_rest_api function, enabling unauthenticated modification of slider data. Public sou...
CVE-2023-6528
The CVE-2023-6528 entry concerns the Slider Revolution WordPress plugin (prior to 6.6.19). Technical details across connected docs show that users with at least the Author role can unserialize arbitrary content when importing sliders, potentially enabling Remote Code Execution (RCE). Affected ver...
CVE-2024-4637
Slider Revolution for WordPress (revslider) versions up to and including 6.7.10 are affected by a stored XSS due to insufficient input sanitization and output escaping on Elementor wrapperid and zindex attributes. Exploitation requires authenticated access (Contributor+). Patch/mitigation exists ...
CVE-2014-9735
The CVE-2014-9735 issue affects WordPress ThemePunch Slider Revolution (RevSlider) before 3.0.96 and Showbiz Pro plugin 1.7.1 and earlier. The root cause is improper restriction of administrator AJAX functionality, enabling unauthenticated remote code execution via file upload and manipulation ac...
CVE-2014-9734
CVE-2014-9734 describes a directory traversal vulnerability in the WordPress plugin for Slider Revolution (revslider) prior to 4.2. An attacker can cause a revslider_show_image action to wp-admin/admin-ajax.php with a .. in the img parameter to read arbitrary server files. Affected: Slider Revolu...
CVE-2023-47772
CVE-2023-47772 affects the WordPress plugin Slider Revolution (revslider) up to version 6.6.14 . The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization/output escaping in authenticated scenarios (Contributor+). Public exploitation details are not ...
CVE-2024-8107
CVE-2024-8107 : Slider Revolution for WordPress (versions
CVE-2024-34443
CVE-2024-34443 describes a Stored XSS in the WordPress Slider Revolution plugin (revslider) from ThemePunch OHG, affected before version 6.7.11. Public sources (NVD, Red Hat) confirm the vulnerability is due to Improper Neutralization of Input During Web Page Generation. The remediation is to upg...
CVE-2024-4092
CVE-2024-4092 affects Slider Revolution (revslider) for WordPress. It is a Stored XSS via the htmltag parameter in all versions up to 6.7.7. Exploitation is possible by authenticated users (administrators; authors if enabled) and can affect pages viewed by other users. The CVE entry is marked as ...
CVE-2015-5151
CVE-2015-5151 affects the WordPress Slider Revolution (Revslider) plugin version 4.2.2. The vulnerability stems from inadequate validation/filtering of the client_action parameter in the revslider_ajax_action action called by wp-admin/admin-ajax.php, allowing remote attackers to inject arbitrary ...
CVE-2024-37449
CVE-2024-37449 is an XSS flaw in Slider Revolution (ThemePunch OHG) for WordPress, tracked as
CVE-2024-4581
CVE-2024-4581 affects the Slider Revolution WordPress plugin (versions up to and including 6.7.11). The vulnerability is a Stored XSS in the Add Layer widget caused by insufficient input sanitization and output escaping for user-supplied class, id, and title attributes. Exploitation requires an A...