Slider Revolution 7.0.0 – 7.0.10 – Subscriber+ Arbitrary File Upload via _get_media_url | CVE 2026-6692 | Plugin Vulnerabilities

Description

The plugin is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.

Affects Plugins

Fixed in 7.0.11

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e802a6-d2f1-47cc-883a-89110e569168

Miscellaneous

Original Researcher

h0xilo

Verified

Yes

WPVDB ID

0c8eaa56-9fa3-4394-86f4-3b15e7078c10

Timeline

Publicly Published

2026-05-06 (about 1 month ago)

Added

2026-05-06 (about 1 month ago)

Last Updated

2026-06-05 (about 1 day ago)

Other

Published

Title

Published

2024-10-14

Title

Azz Anonim Posting <= 0.9 - Unauthenticated Arbitrary File Upload

Published

2016-06-22

Title

Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Upload and Download

Published

2014-08-01

Title

Evarisk 5.1.5.4 - include/lib/actionsCorrectives/activite/uploadPhotoApres.php File Upload PHP Code Execution

Published

2025-03-11

Title

ThemeEgg ToolKit <= 1.2.9 - Authenticated (Administrator+) Arbitrary File Upload

Published

2014-08-01

Title

seo-spy-google - ofc_upload_image.php Arbitrary File Upload