216.73.217.64

CVE-2026-6692

· Published 07/05/2026 06:16 · Modified 07/05/2026 14:00

Labels: CVE-2026-6692 2026-05-07CVE-2026-6692CWE-434[email protected]

Essential information

Published
07/05/2026 06:16
Modified
07/05/2026 14:00
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
slider revolution / slider revolution cpe:2.3:a:slider_revolution:slider_revolution:7.0.0-7.0.10:*:*:*:*:wordpress:*:*
slider revolution / slider revolution cpe:2.3:a:slider_revolution:slider_revolution:7.0.11:*:*:*:*:wordpress:*:*

References