🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Slider Revolution

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Slider Revolution

Information

Software Type	Plugin
Software Slug	revslider
Software Status	Active
Software Author	Revolution Slider
Software Website	www.sliderrevolution.com
Software Record Last Updated	April 17, 2024

8 Vulnerabilities

Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2024-2306

Apr 8, 2024

Researchers: wesley (wcraft), Nikolas

Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection

8.8

CVE-2023-6528

Nov 30, 2023

Researchers: Vaibhav Rajput, Prajyot Chemburkar

Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload

7.2

CVE-2023-47784

Nov 14, 2023

Researcher: Rafie Muhammad

Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-47772

Nov 14, 2023

Researcher: Rafie Muhammad

Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-2359

May 22, 2023

Researcher: Marco Frison

Slider Revolution <= 4.2.2 - Cross-Site Scripting

7.2

CVE-2015-5151

Dec 17, 2014

Researcher: indoushka

Slider Revolution <= 4.1.4 - Directory Traversal

7.5

CVE-2014-9734

Dec 17, 2014

Researchers:

Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload

9.8

CVE-2014-9735

Nov 25, 2014

Researcher: Simo Ben youssef

Title	CVE ID	CVSS	Researchers	Date
Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting	CVE-2024-2306	6.4	wesley (wcraft), Nikolas	April 8, 2024
Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection	CVE-2023-6528	8.8	Vaibhav Rajput, Prajyot Chemburkar	November 30, 2023
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47784	7.2	Rafie Muhammad	November 14, 2023
Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-47772	6.4	Rafie Muhammad	November 14, 2023
Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-2359	7.2	Marco Frison	May 22, 2023
Slider Revolution <= 4.2.2 - Cross-Site Scripting	CVE-2015-5151	7.2	indoushka	December 17, 2014
Slider Revolution <= 4.1.4 - Directory Traversal	CVE-2014-9734	7.5		December 17, 2014
Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload	CVE-2014-9735	9.8	Simo Ben youssef	November 25, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation