Sensitive Information Disclosure in Slider Revolution Plugin for WordPress
CVE-2026-7542

6.5 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 9 June 2026

What is CVE-2026-7542?

The Slider Revolution plugin for WordPress exposes sensitive information because of multiple design flaws: it leaks valid backend AJAX nonces to all authenticated users, it allows unauthorized access to certain actions through misconfigured access controls, and it permits attackers to supply custom URLs for resource importing. Because the plugin does not strictly validate file types and paths, authenticated users with Subscriber-level access or higher can read sensitive server files, potentially exposing critical server data. Proper remediation strategies are necessary to mitigate these security risks.
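The three controls whose absence is described above (a capability check alongside the nonce, and strict validation of the import source's host, path and file type), as an added example that is not Slider Revolution's code. Every `example_` name, the allowlists and the choice of `manage_options` as the required capability are assumptions; the sample inputs are constructed.

```php
<?php
// Added example: every name prefixed example_ is hypothetical, not the plugin's code.
const EXAMPLE_ALLOWED_HOSTS = ['assets.example.com'];          // assumed allowlist
const EXAMPLE_ALLOWED_EXT   = ['jpg', 'jpeg', 'png', 'webp'];  // assumed import types

// True only for https URLs on an allowlisted host with an allowlisted extension.
function example_is_allowed_import_url(string $url): bool {
    $p = parse_url($url);
    if ($p === false || strtolower($p['scheme'] ?? '') !== 'https') {
        return false; // rejects non-https schemes and bare local paths
    }
    if (!in_array(strtolower($p['host'] ?? ''), EXAMPLE_ALLOWED_HOSTS, true)) {
        return false;
    }
    $path = rawurldecode($p['path'] ?? '');
    if (strpos($path, '..') !== false || strpos($path, "\0") !== false) {
        return false; // no traversal segments or NUL bytes
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, EXAMPLE_ALLOWED_EXT, true);
}

// AJAX handler: the nonce only proves intent; the capability check is the authorization.
function example_import_handler(): void {
    check_ajax_referer('example_import', 'nonce');
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }
    $url = isset($_POST['url']) ? esc_url_raw(wp_unslash($_POST['url'])) : '';
    if (!example_is_allowed_import_url($url)) {
        wp_send_json_error('import source rejected', 400);
    }
    wp_send_json_success(['accepted' => $url]); // fetch with wp_safe_remote_get() from here
}

if (function_exists('add_action')) {
    add_action('wp_ajax_example_import', 'example_import_handler'); // inside WordPress
} else {
    // Outside WordPress: run the validator over constructed sample inputs.
    foreach ([
        'https://assets.example.com/slides/hero.png',   // allowed
        '/var/www/html/wp-config.php',                  // local path, no scheme
        'https://assets.example.com/export/config.php', // disallowed file type
        'https://other.example.net/hero.png',           // host not on the allowlist
    ] as $sample) {
        printf("%-48s %s\n", $sample, example_is_allowed_import_url($sample) ? 'allow' : 'reject');
    }
}
```

Because a nonce handed to every logged-in user authorizes nothing by itself, the handler would remain reachable by Subscribers if the `current_user_can()` check were removed.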

Affected Version(s)

Slider Revolution 7.0 <= 7.0.10

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Luc Huynh from Noventiq RedTeam.