Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Revolution Slider — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting Revolution Slider. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Revolution Slider serves as a WordPress plugin for creating responsive sliders and carousels on websites. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's 8 recorded CVEs highlight recurring problems related to insufficient input validation and improper access controls. Notable incidents include cases where attackers exploited these vulnerabilities to upload web shells, compromise websites, and distribute malware. Despite updates, the plugin's complex functionality continues to present security challenges, making it a frequent target in WordPress environments.

Top products by Revolution Slider: Slider Revolution
CVE IDTitleCVSSSeverityPublished
CVE-2026-6692 Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url — Slider RevolutionCWE-434 8.8 High2026-05-07
CVE-2025-10249 Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read — Slider RevolutionCWE-23 6.5 Medium2025-10-09
CVE-2025-9217 Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' — Slider RevolutionCWE-22 6.5 Medium2025-08-29
CVE-2024-8107 Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Slider RevolutionCWE-79 6.4 Medium2024-10-01
CVE-2024-4637 Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex — Slider RevolutionCWE-79 6.4 Medium2024-06-04
CVE-2024-4581 Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes — Slider RevolutionCWE-79 6.4 Medium2024-06-04
CVE-2024-4092 Slider Revolution <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter — Slider RevolutionCWE-79 6.4 Medium2024-05-02
CVE-2024-2306 Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting — Slider RevolutionCWE-79 6.4 Medium2024-04-09

This page lists every published CVE security advisory associated with Revolution Slider. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.