Arbitrary Content Unserialization Vulnerability in Slider Revolution WordPress Plugin by ThemePunch
CVE-2023-6528
8.8HIGH
Key Information:
- Vendor
Wordpress
- Status
- Vendor
- CVE Published:
- 8 January 2024
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2023-6528?
A vulnerability exists in the Slider Revolution WordPress plugin, affecting versions prior to 6.6.19. The issue arises due to inadequate validation of user roles, allowing individuals with the Author role to unserialize arbitrary content while importing sliders. This flaw could lead to Remote Code Execution, exposing websites to potential attacks and manipulation of server resources. Proper attention to plugin updates and user permissions is essential to mitigate this risk.
Affected Version(s)
Slider Revolution 0 < 6.6.19
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.