Sensitive Information Disclosure in Slider Revolution Plugin for WordPress
CVE-2026-7542
6.5 MEDIUM
What is CVE-2026-7542?
The Slider Revolution plugin for WordPress exposes sensitive information due to multiple design vulnerabilities: it leaks valid backend AJAX nonces to all authenticated users, it allows unauthorized access to certain actions via misconfigured access controls, and it permits attackers to provide custom URLs for resource importing. Because the plugin lacks strict validation of file types and paths, these flaws allow authenticated users with Subscriber-level access or higher to read sensitive server files, potentially leading to the exposure of critical server data. Proper remediation strategies are necessary to mitigate these security risks.
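The three weaknesses described above map to three checks in a WordPress AJAX import handler: a capability check, a nonce scoped to that capability, and strict validation of the supplied URL. The following is an added example, not Slider Revolution's code or its actual fix; the `example_*` names, the action name, the required capability and the host and extension allow-lists are all assumptions.

```php
<?php
// Added example. All example_* names, the action name and both lists are hypothetical.
const EXAMPLE_IMPORT_HOSTS = array( 'assets.example.com' ); // assumed allow-list
const EXAMPLE_IMPORT_EXTS  = array( 'jpg', 'jpeg', 'png', 'gif', 'webp' );

add_action( 'wp_ajax_example_import_resource', 'example_import_resource' );

// Returns true for an acceptable import URL, WP_Error otherwise.
function example_validate_import_url( $url ) {
    $parts = wp_parse_url( $url );
    if ( ! is_array( $parts ) || empty( $parts['host'] ) || empty( $parts['path'] ) ) {
        return new WP_Error( 'bad_url', 'URL must be absolute.' );
    }
    // https only: local paths, file:// and PHP stream wrappers never reach the fetch.
    if ( ! isset( $parts['scheme'] ) || 'https' !== strtolower( $parts['scheme'] ) ) {
        return new WP_Error( 'bad_scheme', 'Only https URLs are accepted.' );
    }
    if ( ! in_array( strtolower( $parts['host'] ), EXAMPLE_IMPORT_HOSTS, true ) ) {
        return new WP_Error( 'bad_host', 'Host is not on the allow-list.' );
    }
    $ext = strtolower( pathinfo( $parts['path'], PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, EXAMPLE_IMPORT_EXTS, true ) ) {
        return new WP_Error( 'bad_type', 'File type is not allowed.' );
    }
    return true;
}

function example_import_resource() {
    // 1. Authorize by capability; the wp_ajax_ hook alone admits any logged-in user.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. The nonce for this action must only be printed on screens rendered
    //    for users who pass the same capability check.
    check_ajax_referer( 'example_import_resource', 'nonce' );

    // 3. Validate the URL before any I/O happens.
    $url   = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    $check = example_validate_import_url( $url );
    if ( is_wp_error( $check ) ) {
        wp_send_json_error( $check->get_error_message(), 400 );
    }
    // wp_safe_remote_get() additionally rejects hosts that resolve to private addresses.
    $response = wp_safe_remote_get( $url, array( 'timeout' => 10, 'redirection' => 0 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'fetch failed', 502 );
    }
    // Report metadata only; fetched bytes are never echoed back to the caller.
    wp_send_json_success( array( 'bytes' => strlen( wp_remote_retrieve_body( $response ) ) ) );
}
```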
Affected Version(s)
Slider Revolution 7.0 <= 7.0.10