https://www.apetours.it - iThemes Security Site Scanner

WordPress Slider Revolution plugin <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 6.7.11

PatchStack

Details

CVE

2024-4581

Publicly Published: 2026-02-02
Created: 2026-02-02

WordPress Slider Revolution plugin <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 6.7.11

PatchStack

Details

CVE

2024-4637

Publicly Published: 2026-02-02
Created: 2026-02-02

WordPress Slider Revolution plugin <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Broken Access Control
Score:: 6.5

Fixed in Version 6.7.38

PatchStack

Details

CVE

2025-10249

Publicly Published: 2025-10-09
Created: 2025-10-09

WordPress Slider Revolution plugin <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Arbitrary File Download
Score:: 6.5

Fixed in Version 6.7.37

PatchStack

Details

CVE

2025-9217

Publicly Published: 2025-08-29
Created: 2025-08-29

WordPress Slider Revolution plugin <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 6.7.19

PatchStack

Details

CVE

2024-8107

Publicly Published: 2024-10-01
Created: 2024-10-01

WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 6.7.14

PatchStack

Details

CVE

2024-37449

Publicly Published: 2024-06-28
Created: 2024-06-28

WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Broken Access Control
Score:: 7.1

Fixed in Version 6.7.0

PatchStack

Details

CVE

2024-34444

Publicly Published: 2024-05-28
Created: 2024-05-28

WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 6.7.11

PatchStack

Details

CVE

2024-34443

Publicly Published: 2024-05-28
Created: 2024-05-28

WordPress Slider Revolution plugin <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 6.7.8

PatchStack

Details

CVE

2024-4092

Publicly Published: 2024-05-01
Created: 2024-05-01

WordPress Revslider plugin <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 6.7.0

PatchStack

Details

CVE

2024-2306

Publicly Published: 2024-04-09
Created: 2024-04-09

WordPress Slider Revolution plugin <= 6.6.15 - Author+ Arbitrary File Upload vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Arbitrary File Upload
Score:: 8.4

Fixed in Version 6.6.16

PatchStack

Details

CVE

2023-47784

Publicly Published: 2023-11-14
Created: 2023-11-14

WordPress Slider Revolution plugin <= 6.6.14 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 6.6.15

PatchStack

Details

CVE

2023-47772

Publicly Published: 2023-11-14
Created: 2023-11-14

WordPress Slider Revolution <= 6.6.12 - Author+ Remote Code Execution Vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Arbitrary File Upload
Score:: 9.1

Fixed in Version 6.6.13

PatchStack

Details

CVE

2023-2359

Publicly Published: 2023-05-30
Created: 2023-06-19