WordPress Plugin Vulnerabilities

Slider Revolution < 6.7.0 - Missing Authorization

Description

The Slider Revolution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_rest_api function in versions up to 6.7.0. This makes it possible for unauthenticated attackers to update slider data.

Affects Plugins

Plugin icon
revslider
Fixed in 6.7.0

References

CVE
CVE-2024-34444
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/14feb451-2ece-467b-abf0-7abac26e40c1

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
f893fd2d-d040-408a-a800-99bf02e32230

Timeline

Publicly Published
2024-05-28 (about 1 year ago)
Added
2024-06-05 (about 1 year ago)
Last Updated
2024-06-05 (about 1 year ago)

Other

Published
Title
Published
2024-04-30
Title
WooCommerce AWeber Newsletter Subscription < 4.0.3 - Missing Authorization to Access Token Modification
Published
2025-01-30
Title
Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Published
2023-08-16
Title
Comments Like Dislike < 1.2.0 - Subscriber+ Settings Reset
Published
2024-06-06
Title
Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure
Published
2026-02-16
Title
WowRevenue < 2.1.4 - Subscriber+ Arbitrary Plugin Installation/Activation