CVE-2026-6728
Sensitive Information Exposure in Slider Revolution WordPress Plugin
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Wordfence
Description
CVSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| slider_revolution | slider_revolution | up to and including 7.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Slider Revolution plugin for WordPress, in versions up to and including 7.0.9, has a vulnerability in the 'get_stream_data()' function that allows unauthenticated attackers to access sensitive information.
Specifically, attackers can extract sensitive data such as published password-protected posts, pages, and product content without needing to be logged in.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive information, including content that is meant to be protected by passwords.
As a result, confidential or restricted content on your WordPress site could be exposed to anyone, potentially harming your site's privacy and trustworthiness.
The CVSS base score of 5.3 indicates medium severity, with low attack complexity and no privileges required, meaning it is relatively easy for attackers to exploit.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in the Slider Revolution plugin for WordPress, you should update the plugin to version 7.0.14 or later, as this version includes fixes addressing unauthorized sensitive information exposure.
Ensure that your WordPress installation is compatible with the updated plugin version (7.0.14 is compatible with WordPress 6.9).
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in the Slider Revolution plugin allows unauthenticated attackers to extract sensitive data, including published password-protected post, page, and product content.
Exposure of sensitive information can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.
Therefore, this vulnerability potentially compromises compliance with these standards by enabling unauthorized disclosure of protected information.