CVE-2026-6692
Received - Intake
Arbitrary File Upload in Slider Revolution WordPress Plugin

Publication date: 2026-05-07

Last updated on: 2026-05-07

Assigner: Wordfence

Description
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' functions. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.
Meta Information
Published: 2026-05-07
Last Modified: 2026-05-07
Generated: 2026-05-07
AI Q&A: 2026-05-07
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
slider_revolution slider_revolution From 7.0.0 (inc) to 7.0.10 (inc)
slider_revolution slider_revolution to 7.0.10 (inc)
slider_revolution slider_revolution 7.0.11
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-6692 is a vulnerability in the Slider Revolution plugin for WordPress, specifically in versions 7.0.0 to 7.0.10. It allows authenticated users with subscriber-level access or higher to upload arbitrary files due to insufficient file type validation in the '_get_media_url' and '_check_file_path' functions. This can lead to the upload of executable files, enabling remote code execution on the affected system. The issue was partially fixed in version 7.0.10 and fully patched in version 7.0.11.


How can this vulnerability impact me?

This vulnerability can have severe impacts, including unauthorized remote code execution, which means an attacker could run malicious code on your server. Because exploitation requires only subscriber-level access, the barrier to compromising your website is low. Potential consequences include website defacement, data theft, server takeover, and disruption of services.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2026-6692 vulnerability in the Slider Revolution WordPress plugin, you should immediately update the plugin to version 7.0.11 or later, where the vulnerability is fully patched.

Since the vulnerability allows authenticated users with subscriber-level access and above to upload potentially executable files, restricting user permissions and monitoring file uploads can also help reduce risk until the update is applied.

Following general WordPress security best practices, such as limiting plugin usage to trusted sources and regularly applying security updates, is also recommended.
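
The two checks described above (confirm the installed version is outside 7.0.0 to 7.0.10, and review the uploads directory for executable file types), as an added example that is not part of the original advisory or the plugin's code. The two paths given on the command line and the extension list are assumptions to adapt to your server.

```python
import os
import re
import sys

# Version range from the advisory: 7.0.0 to 7.0.10 affected, 7.0.11 fully patched.
FIRST_AFFECTED = (7, 0, 0)
FIRST_FIXED = (7, 0, 11)
# Assumption: extensions a PHP-enabled web server may execute; extend for your setup.
EXECUTABLE_EXTS = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}


def plugin_version(main_file):
    """Return the plugin header 'Version:' as an int tuple, or None if absent."""
    with open(main_file, encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # WordPress reads plugin headers from the first 8 KB
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", head, re.M | re.I)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '7.0' to (7, 0, 0)


def is_affected(version):
    """True for 7.0.0 <= version < 7.0.11; 7.0.10 is only partially patched."""
    return version is not None and FIRST_AFFECTED <= version < FIRST_FIXED


def suspicious_uploads(uploads_dir):
    """List uploaded files with an executable extension anywhere in the name."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            # Test every dot-separated part so 'b.PHP' and 'c.php.jpg' both match.
            exts = {"." + part.lower() for part in name.split(".")[1:]}
            if exts & EXECUTABLE_EXTS:
                hits.append(os.path.join(root, name))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python check.py <plugin main PHP file> <uploads directory>
    version = plugin_version(sys.argv[1])
    if version is None:
        print("plugin version: unknown, check manually")
    else:
        state = "AFFECTED, update to 7.0.11 or later" if is_affected(version) else "not in affected range"
        print("plugin version:", ".".join(map(str, version)), "-", state)
    for path in suspicious_uploads(sys.argv[2]):
        print("review upload:", path)
```

A hit from the uploads scan is a file to review, not proof of compromise; some sites legitimately keep an `index.php` placeholder in upload folders.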

