WordPress Plugin Vulnerabilities

Slider Revolution < 6.7.0 - Missing Authorization

Description

The Slider Revolution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_rest_api function in versions up to 6.7.0. This makes it possible for unauthenticated attackers to update slider data.

Affects Plugins

Plugin icon
revslider
Fixed in 6.7.0

References

CVE
CVE-2024-34444
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/14feb451-2ece-467b-abf0-7abac26e40c1

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
f893fd2d-d040-408a-a800-99bf02e32230

Timeline

Publicly Published
2024-05-28 (about 1 year ago)
Added
2024-06-05 (about 1 year ago)
Last Updated
2024-06-05 (about 1 year ago)

Other

Published
Title
Published
2025-10-30
Title
Product Feed for WooCommerce < 2.3.2 - Missing Authorization
Published
2026-01-20
Title
WANotifier <= 2.7.12 - Missing Authorization
Published
2026-01-05
Title
Appointment Booking and Scheduling Calendar Plugin – WP Timetics < 1.0.37 - Missing Authorization to Unauthenticated Booking Details View And Modification
Published
2025-01-30
Title
Safe Ai Malware Protection for WP < 1.0.18 - Missing Authorization to Unauthenticated Database Export
Published
2023-10-03
Title
WP Mail SMTP Pro < 3.8.1 - Unauthenticated Email Address Disclosure