Slider Revolution

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Slider Revolution

Information

Software Type Plugin
Software Slug revslider
Software Status Active
Software Author Revolution Slider
Software Website www.sliderrevolution.com
Software Record Last Updated May 2, 2024

9 Vulnerabilities

Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload
9.8
CVE-2014-9735
Nov 25, 2014
Researcher: Simo Ben youssef
Slider Revolution <= 4.2.2 - Cross-Site Scripting
7.2
CVE-2015-5151
Dec 17, 2014
Researcher: indoushka
Slider Revolution <= 4.1.4 - Directory Traversal
7.5
CVE-2014-9734
Dec 17, 2014
Researchers:
Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload
7.2
CVE-2023-2359
May 22, 2023
Researcher: Marco Frison
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload
7.2
CVE-2023-47784
Nov 14, 2023
Researcher: Rafie Muhammad
Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-47772
Nov 14, 2023
Researcher: Rafie Muhammad
Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection
8.8
CVE-2023-6528
Nov 30, 2023
Researchers: Vaibhav Rajput, Prajyot Chemburkar
Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-2306
Apr 8, 2024
Researchers: wesley (wcraft), Nikolas
Slider Revolution <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter
6.4
CVE-2024-4092
Apr 30, 2024
Researcher: wesley (wcraft)
Title Status CVE ID CVSS Researchers Date
Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload Patched CVE-2014-9735 9.8 Simo Ben youssef November 25, 2014
Slider Revolution <= 4.2.2 - Cross-Site Scripting Patched CVE-2015-5151 7.2 indoushka December 17, 2014
Slider Revolution <= 4.1.4 - Directory Traversal Patched CVE-2014-9734 7.5 December 17, 2014
Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload Patched CVE-2023-2359 7.2 Marco Frison May 22, 2023
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload Patched CVE-2023-47784 7.2 Rafie Muhammad November 14, 2023
Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2023-47772 6.4 Rafie Muhammad November 14, 2023
Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection Patched CVE-2023-6528 8.8 Vaibhav Rajput, Prajyot Chemburkar November 30, 2023
Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting Patched CVE-2024-2306 6.4 wesley (wcraft), Nikolas April 8, 2024
Slider Revolution <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter Patched CVE-2024-4092 6.4 wesley (wcraft) April 30, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation