CVE-2026-9050
Received - Intake
Unauthorized Plugin Deactivation in Slider Revolution

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: Wordfence

Description
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to deactivate any active plugin installed on the site.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-02
Generated: 2026-06-02
AI Q&A: 2026-06-02
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
slider_revolution slider_revolution From 6.0.0 (inc) to 6.7.56 (exc)
slider_revolution slider_revolution From 7.0.0 (inc) to 7.0.15 (exc)
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in the Slider Revolution plugin for WordPress versions 6.0.0-6.7.55 and 7.0.0-7.0.14. It allows authenticated users with Contributor-level access or higher to modify data without proper authorization checks. Specifically, these users can deactivate any active plugin installed on the WordPress site because the plugin does not properly verify user permissions before allowing such actions.


How can this vulnerability impact me?

This vulnerability can impact you by allowing users with relatively low privileges (Contributor-level and above) to deactivate any active plugin on your WordPress site. This could disrupt site functionality, reduce security if security-related plugins are disabled, and potentially lead to further exploitation or downtime.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows authenticated attackers with Contributor-level access and above to deactivate any active plugin installed on the site due to improper authorization checks.

While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, unauthorized modification of data and potential disruption of security controls (like deactivating security plugins) could indirectly impact compliance by increasing the risk of data breaches or loss of data integrity.

However, no direct information is provided about the specific effects on compliance with these regulations.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability allows authenticated users with Contributor-level access and above to deactivate any active plugin on the site due to improper authorization checks.

Immediate mitigation steps include restricting user roles to trusted users only and limiting Contributor-level access.

Additionally, updating the Slider Revolution plugin to a version later than 7.0.14 or 6.7.55 (whichever applies) once a patch is available is recommended to fix the vulnerability.

