Arbitrary File Upload Vulnerability in Slider Revolution Plugin for WordPress
CVE-2026-6692

8.8HIGH

Key Information:

Vendor: WordPress
Status: Slider Revolution
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-6692?

The Slider Revolution plugin for WordPress suffers from an Arbitrary File Upload vulnerability due to insufficient validation of file types in the '_get_media_url' and '_check_file_path' functions. This security flaw allows authenticated users with subscriber-level access and higher to upload potentially executable files, leading to the risk of remote code execution. The issue was partially addressed in version 7.0.10 and fully resolved in version 7.0.11. Users are urged to update to the latest version to mitigate potential risks.

Affected Version(s)

Slider Revolution 7.0.0 <= 7.0.10

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://www.sliderrevolution.com/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 20, 2026

Credit

Phú

CVE-2026-6692 Data

JSON