WordPress Plugin Vulnerabilities

Slider Revolution < 6.6.16 - Authenticated (Author+) Arbitrary File Upload

Description

The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 6.6.15. This makes it possible for attackers with author-level access and higher to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
revslider
Fixed in 6.6.16

References

CVE
CVE-2023-47784
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2d29afd-06e8-461a-918f-38228441a51a

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
1b841a64-fb0a-434f-b7b4-0777f0480c87

Timeline

Publicly Published
2023-11-14 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 1 year ago)

Other

Published
Title
Published
2024-10-04
Title
Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress < 6.5.8 - Authenticated (Subscriber+) Limited JavaScript File Upload
Published
2025-05-07
Title
BEAF < 4.6.11 - Authenticated (Admin+) Arbitrary File Upload
Published
2024-06-26
Title
Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload
Published
2025-07-03
Title
VikRentCar Car Rental Management System < 1.4.4 - Authenticated (Administrator+) Arbitrary File Upload
Published
2024-03-28
Title
Salon booking system < 9.5.1 - Unauthenticated Arbitrary File Upload