CVE-2025-10249
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-09
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| slider_revolution | slider_revolution | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Slider Revolution plugin for WordPress is due to a missing capability check on several functions. This allows authenticated users with Contributor-level access or higher to perform unauthorized actions such as installing and activating plugin add-ons, creating sliders, and downloading arbitrary files.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers with Contributor-level access to modify your website's content and functionality without proper authorization. They can install and activate add-ons, create sliders, and download arbitrary files, potentially leading to data exposure or unauthorized changes to your site.