CVE-2026-6728— Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'
Possible ATT&CK Techniques 2AI
T1530 · Data from Cloud Storage T1213 · Data from Information RepositoriesAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Revolution Slider | Slider Revolution | ≤ 7.0.9 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6728
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Slider Revolution <= 7.0.9 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, and product content.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Slider Revolution 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Slider Revolution 7.0.9及之前版本存在信息泄露漏洞,该漏洞源于get_stream_data函数导致敏感信息暴露,可能使未经验证的攻击者提取包括已发布密码保护的文章、页面和产品内容在内的敏感数据
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Revolution Slider | Slider Revolution | 0 ~ 7.0.9 | - |
II. Public POCs for CVE-2026-6728
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6728
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-6728 (1)
News Coverage for CVE-2026-6728 (1)
IV. Related Vulnerabilities
Same product: Slider Revolution
- CVE-2026-6692
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber - CVE-2025-10249
Slider Revolution <= 6.7.37 - Missing Authorization to Authe - CVE-2025-9217
Slider Revolution <= 6.7.36 - Authenticated (Contributor+) A - CVE-2024-8107
Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored - CVE-2024-37449
WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Sc
Same vendor: Revolution Slider
- CVE-2026-6692
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber - CVE-2025-10249
Slider Revolution <= 6.7.37 - Missing Authorization to Authe - CVE-2025-9217
Slider Revolution <= 6.7.36 - Authenticated (Contributor+) A - CVE-2024-8107
Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored - CVE-2024-4637
Slider Revolution <= 6.7.10 - Authenticated (Contributor+) S
Same weakness: CWE-200
- CVE-2026-9352
NousResearch hermes-agent Messaging Gateway local.py _make_r - CVE-2026-9349
calcom cal.diy Generic React API bookings-single-view.getSer - CVE-2026-40166
authentik: Non-admin user can retrieve confidential OAuth cl - CVE-2026-3636
Sanitize team member data returned by API - CVE-2026-7636
Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) I
V. Comments for CVE-2026-6728
No comments yet