Log out
Get PRO

Latest

Input validation vulnerability in Slider Revolution 6.6.20

  • Severity: medium-risk
  • Status: Fixed
  • Publication: April 8, 2024

The Revslider plugin, which is used for WordPress websites, has a security vulnerability that allows for Stored Cross-Site Scripting. This means that attackers can upload malicious code, in the form of SVG files, which can then be executed whenever a user visits a page that contains the code. This vulnerability exists in all versions of the plugin up to version 6.6.20. It is caused by the plugin not properly checking and filtering the input and output of the code. This can only be exploited by administrators, but it is possible for other users to gain access to the plugin and potentially exploit it.

Detected in:

Slider Revolution fixed vulnerable versions: >= * <= 6.6.20

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)

Wordpress Linkedin Github

Get Started

About

Popular articles