WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload
CVE-2023-47784

8.4HIGH

Key Information:

Vendor: WordPress
Status: Slider Revolution
Vendor: CVE Published:; 20 December 2023

What is CVE-2023-47784?

The Slider Revolution plugin developed by ThemePunch contains a vulnerability that allows for unrestricted file uploads. This flaw could be exploited by attackers to upload malicious files that may compromise the integrity and security of the server. It particularly affects versions of Slider Revolution from n/a through 6.6.15, emphasizing the need for users to upgrade their installations promptly to mitigate potential risks.

Affected Version(s)

Slider Revolution <= 6.6.15

References

https://patchstack.com/database/vulnerability/revslider/w...

vdb-entry

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Nov 9, 2023

Credit

Rafie Muhammad (Patchstack)