CVE-2026-7542
Status: Received - Intake
Sensitive Information Disclosure in Slider Revolution WordPress Plugin

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Wordfence

Description
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leaks a valid backend AJAX nonce (revslider_actions) to all authenticated users including Subscribers via the admin_footer hook; (2) the wordpress.create.image_from_url action is explicitly allowlisted in the $user_allowed array, bypassing the administrator-only access control; (3) the create_wordpress_image_from_url() function accepts an attacker-controlled url parameter that is passed to import_media(), where path_or_url_exists() explicitly accepts local filesystem paths (file_exists() && is_readable()) with no restriction to remote HTTP/HTTPS URLs, and @copy() physically copies those files into the publicly accessible /wp-content/uploads/revslider/ai/ directory. The MIME type check trusts the attacker-supplied content_type parameter to derive the destination extension without verifying actual file content, and the source extension blacklist does not block many sensitive types (.sql, .log, .json, .bak, .xml, .csv, .conf, .yml, .yaml, .pem, .key, .crt, .txt, .db, etc.). This makes it possible for authenticated attackers with Subscriber-level access and above to read the contents of server files with non-blacklisted extensions by having them copied to a publicly accessible URL.
Meta Information
  • Published: 2026-06-09
  • Last Modified: 2026-06-09
  • Generated: 2026-06-09
  • AI Q&A: 2026-06-09
  • EPSS Evaluated: N/A
Affected Vendors & Products
  • Vendor: slider_revolution; Product: slider_revolution; Version range: up to and including 7.0.10
CWE: CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Executive Summary

The Slider Revolution plugin for WordPress, up to version 7.0.10, has a vulnerability that allows sensitive information disclosure. This happens because of three main design flaws: first, the plugin leaks a valid backend AJAX nonce to all authenticated users, including those with Subscriber-level access; second, an action that should be restricted to administrators is explicitly allowlisted for other users; third, a function accepts an attacker-controlled URL parameter that can point to local filesystem paths, which are then copied to a publicly accessible directory without proper validation. Additionally, the MIME type check trusts attacker-supplied content types and the blacklist does not block many sensitive file extensions. This combination allows authenticated attackers to read server files with certain extensions by having them copied to a public URL.

Impact Analysis

This vulnerability can impact you by allowing attackers with Subscriber-level or higher access to read sensitive server files that should not be publicly accessible. Since the plugin copies files from the server to a public directory without proper restrictions, attackers can access confidential information such as configuration files, logs, database dumps, or keys if those files have extensions not blocked by the plugin. This can lead to exposure of sensitive data, potentially compromising the security of your website and server.

Detection Guidance

This vulnerability involves the Slider Revolution plugin leaking a valid backend AJAX nonce to authenticated users and allowing file copying to a publicly accessible directory. Detection would involve checking for the presence of the vulnerable plugin version (up to and including 7.0.10) and monitoring for unauthorized access or copying of sensitive files.

You can detect the vulnerability by verifying the installed version of the Slider Revolution plugin on your WordPress site. For example, use the following command to check the plugin version if you have shell access to the WordPress installation:

  • grep -i 'Version:' wp-content/plugins/revslider/revslider.php

Additionally, you can look for suspicious files in the publicly accessible directory /wp-content/uploads/revslider/ai/ that may indicate exploitation.

To detect attempts to exploit the vulnerability via network monitoring, you can search web server logs for requests accessing files under /wp-content/uploads/revslider/ai/ or for AJAX requests involving the revslider_actions nonce.
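To automate the check of the ai/ upload directory suggested above, the following Python script (added here as an example; it is not part of the advisory or of the plugin) flags files whose extension is on the advisory's list of non-blacklisted sensitive types, and files whose content does not match the image extension they carry, since the destination extension is derived from the attacker-supplied content_type rather than from the file content. It builds a constructed sample directory in a temp folder; in practice, point scan_ai_dir() at wp-content/uploads/revslider/ai/.

```python
import os
import tempfile

# Magic bytes of the image formats a legitimate "create image from URL" result
# should have. Anything else under the ai/ directory deserves a closer look.
IMAGE_SIGNATURES = {
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "jpg":  [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif":  [b"GIF87a", b"GIF89a"],
    "webp": [b"RIFF"],  # RIFF container; bytes 8..12 must read b"WEBP"
}
# Source extensions the advisory says the plugin's blacklist does not block.
SENSITIVE_EXTS = {"sql", "log", "json", "bak", "xml", "csv", "conf", "yml",
                  "yaml", "pem", "key", "crt", "txt", "db"}

def inspect_file(path):
    """Return a reason string if the file looks like a copied non-image, else None."""
    name = os.path.basename(path)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if ext in SENSITIVE_EXTS:
        return "sensitive extension"
    if ext in IMAGE_SIGNATURES:
        if not any(head.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
            return "content does not match image extension"
        if ext == "webp" and head[8:12] != b"WEBP":
            return "content does not match image extension"
        return None
    return "unexpected extension"

def scan_ai_dir(directory):
    """Return sorted (filename, reason) pairs for every suspicious file in the directory."""
    findings = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full):
            reason = inspect_file(full)
            if reason:
                findings.append((name, reason))
    return findings

def build_sample_dir():
    """Constructed sample of what the ai/ directory might contain (not real data)."""
    d = tempfile.mkdtemp(prefix="revslider_ai_")
    samples = {
        "real.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,       # genuine PNG header
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,       # genuine JPEG header
        "import_1.png": b"-- MySQL dump (constructed)\nCREATE TABLE wp_users;\n",  # .sql copied as .png
        "import_2.txt": b"constructed log line: error ...\n",  # non-blacklisted .txt
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    for name, reason in scan_ai_dir(build_sample_dir()):
        print(f"{name}: {reason}")
```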

Mitigation Strategies

The primary mitigation step is to update the Slider Revolution plugin to a version later than 7.0.10, as the vulnerability affects versions up to and including 7.0.10.

According to the changelog, version 7.0.11 and later include fixes addressing unauthorized sensitive information exposure and arbitrary file uploads.

  • Update Slider Revolution plugin to version 7.0.11 or later.
  • Restrict access to the /wp-content/uploads/revslider/ai/ directory via web server configuration to prevent public access to copied files.
  • Review user permissions to ensure that only trusted users have authenticated access to the WordPress admin area.

If immediate updating is not possible, consider disabling the plugin temporarily or restricting authenticated user roles to prevent exploitation.

Compliance Impact

The vulnerability in the Slider Revolution plugin allows authenticated users with Subscriber-level access to read sensitive server files by copying them to a publicly accessible URL. This exposure of sensitive information could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive data from unauthorized access or disclosure.

Since the vulnerability enables sensitive information disclosure without proper access controls, organizations using affected versions of the plugin may face increased risk of data breaches, potentially violating regulatory requirements for confidentiality and data security.
