CVE-2026-6692
Deferred Deferred - Pending Action
Arbitrary File Upload in Slider Revolution WordPress Plugin

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: Wordfence

Description
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-07
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6692
EUVD
EUVD-2026-28321
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
slider_revolution slider_revolution From 7.0.0 (inc) to 7.0.10 (inc)
slider_revolution slider_revolution to 7.0.10 (inc)
slider_revolution slider_revolution 7.0.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6692 is a vulnerability in the Slider Revolution plugin for WordPress, specifically in versions 7.0.0 to 7.0.10. It allows authenticated users with subscriber-level access or higher to upload arbitrary files due to insufficient file type validation in the '_get_media_url' and '_check_file_path' functions. This can lead to the upload of executable files, enabling remote code execution on the affected system. The issue was partially fixed in version 7.0.10 and fully patched in version 7.0.11.

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution, which means an attacker could run malicious code on your server. Since the exploit requires only subscriber-level access, it lowers the barrier for attackers to compromise your website. Potential consequences include website defacement, data theft, server takeover, and disruption of services.

Mitigation Strategies

To mitigate the CVE-2026-6692 vulnerability in the Slider Revolution WordPress plugin, you should immediately update the plugin to version 7.0.11 or later, where the vulnerability is fully patched.

Since the vulnerability allows authenticated users with subscriber-level access and above to upload potentially executable files, restricting user permissions and monitoring file uploads can also help reduce risk until the update is applied.

Following general WordPress security best practices, such as limiting plugin usage to trusted sources and regularly applying security updates, is also recommended.

Compliance Impact

The provided information does not specify how CVE-2026-6692 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6692. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart