cvebase

Revolution Slider Slider Revolution vulnerabilities

12 known vulnerabilities affecting revolution_slider/slider_revolution.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 11

Vulnerabilities

CVE-2026-6692 | P1 | HIGH | CVSS 8.8 | Exploited | ≥ 7.0.0, ≤ 7.0.10 | 2026-05-07
CWE-434. The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which
Source: nvd

CVE-2025-10249 | P3 | MEDIUM | CVSS 6.5 | ≤ 6.7.37 | 2025-10-09
CWE-23. The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above, to install and activate plugin add-ons, create sliders
Source: nvd

CVE-2025-9217 | P3 | MEDIUM | CVSS 6.5 | ≤ 6.7.36 | 2025-08-29
CWE-22. The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive informati
Source: nvd

CVE-2026-7542 | P3 | MEDIUM | CVSS 6.5 | ≥ 7.0, ≤ 7.0.10 | 2026-06-09
CWE-200. The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leaks a valid backend AJAX nonce (revslider_actions) to all authenticated users including Subscribers via the admin_footer hook; (2) the wordpress.create.imag
Source: nvd

CVE-2024-2306 | P4 | MEDIUM | CVSS 6.4 | ≤ 6.6.20 | 2024-04-09
CWE-79. The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. B
Source: nvd

CVE-2026-6728 | P4 | MEDIUM | CVSS 5.3 | ≥ 6.0, ≤ 6.7.54; ≥ 7.0, ≤ 7.0.9 | 2026-05-20
CWE-200. The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, and product content.
Source: nvd

CVE-2024-4092 | P4 | MEDIUM | CVSS 5.4 | ≤ 6.7.7 | 2024-05-02
CWE-79. The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses
Source: nvd

CVE-2024-8107 | P4 | MEDIUM | CVSS 5.4 | ≤ 6.7.18 | 2024-10-01
CWE-79. The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will e
Source: nvd

CVE-2024-4581 | P4 | MEDIUM | CVSS 5.4 | ≤ 6.7.10 | 2024-06-04
CWE-79. The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes it possible for authenticated attackers, with author-leve
Source: nvd

CVE-2024-4637 | P4 | MEDIUM | CVSS 5.4 | ≤ 6.7.10 | 2024-06-04
CWE-79. The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for authenticated attackers, with contributor-level access and
Source: nvd

CVE-2026-9048 | P4 | MEDIUM | CVSS 4.3 | ≥ 7.0.0, ≤ 7.0.14 | 2026-06-02
CWE-863. The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social media API credentials: the Instagram OAuth token, Flick
Source: nvd

CVE-2026-9050 | P4 | MEDIUM | CVSS 4.3 | ≥ 6.0.0, ≤ 6.7.55; ≥ 7.0.0, ≤ 7.0.14 | 2026-06-02
CWE-862. The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to deactivate any active p
Source: nvd