VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 17 known issues Latest disclosed Oct 08, 2025

Slider Revolution Vulnerabilities

Review known vulnerability records for the WordPress plugin Slider Revolution (`revslider`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-10249, CVE-2025-9217 and CVE-2024-8107, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
17
High or Critical
6
Patch Coverage
100%
Last Updated
Oct 09, 2025
Priority CVE Quick Links

Fast paths into Slider Revolution CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
17
CVE-2014-9735 Critical 3.0.96
CVE-2014-9735 Slider Revolution Arbitrary File Upload

Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload

CVE-2023-6528 High 6.6.19
CVE-2023-6528 Slider Revolution Vulnerability

Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection

CVE-2014-9734 High 4.2
CVE-2014-9734 Slider Revolution Vulnerability

Slider Revolution <= 4.1.4 - Directory Traversal

CVE-2023-47784 High 6.6.16
CVE-2023-47784 Slider Revolution Remote Code Execution

Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload

CVE-2023-2359 High 6.6.13
CVE-2023-2359 Slider Revolution Remote Code Execution

Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload

CVE-2015-5151 High 4.2.3
CVE-2015-5151 Slider Revolution Cross-Site Scripting

Slider Revolution <= 4.2.2 - Cross-Site Scripting

CVE-2025-10249 Medium 6.7.38
CVE-2025-10249 Slider Revolution Vulnerability

Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read

CVE-2025-9217 Medium 6.7.37
CVE-2025-9217 Slider Revolution Vulnerability

Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images'

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Slider Revolution so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
17 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 5 high severity findings.
Recent CVEs
CVE-2025-10249, CVE-2025-9217 and CVE-2024-8107
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Slider Revolution

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-10249
CVE-2025-10249: Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read

The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level...

Published
Oct 08, 2025
Patched Release
6.7.38
Affected Versions
Versions up to 6.7.37
Next Step
Update to 6.7.38 or newer if supported.
Open CVE-2025-10249 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-9217
CVE-2025-9217: Slider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images'

The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the conten...

Published
Aug 28, 2025
Patched Release
6.7.37
Affected Versions
Versions up to 6.7.36
Next Step
Update to 6.7.37 or newer if supported.
Open CVE-2025-9217 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-8107
CVE-2024-8107: Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-le...

Published
Sep 30, 2024
Patched Release
6.7.19
Affected Versions
Versions up to 6.7.18
Next Step
Update to 6.7.19 or newer if supported.
Open CVE-2024-8107 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-37449
CVE-2024-37449: Slider Revolution <= 6.7.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.7.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and abo...

Published
Jun 28, 2024
Patched Release
6.7.14
Affected Versions
Versions up to 6.7.13
Next Step
Update to 6.7.14 or newer if supported.
Open CVE-2024-37449 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4637
CVE-2024-4637: Slider Revolution <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes i...

Published
Jun 03, 2024
Patched Release
6.7.11
Affected Versions
Versions up to 6.7.10
Next Step
Update to 6.7.11 or newer if supported.
Open CVE-2024-4637 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4581
CVE-2024-4581: Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attrib...

Published
Jun 03, 2024
Patched Release
6.7.11
Affected Versions
Versions up to 6.7.10
Next Step
Update to 6.7.11 or newer if supported.
Open CVE-2024-4581 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-34444
CVE-2024-34444: Slider Revolution <= 6.6.20 - Missing Authorization

The Slider Revolution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_rest_api function in versions up to 6.7.0. This makes it possible for unauthenticated attackers to update slider data.

Published
May 28, 2024
Patched Release
6.7.0
Affected Versions
Versions up to 6.6.20
Next Step
Update to 6.7.0 or newer if supported.
Open CVE-2024-34444 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-34443
CVE-2024-34443: Slider Revolution <= 6.7.10 - Authenticated (Author+) Stored Cross-Site Scripting

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above,...

Published
May 28, 2024
Patched Release
6.7.11
Affected Versions
Versions up to 6.7.10
Next Step
Update to 6.7.11 or newer if supported.
Open CVE-2024-34443 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4092
CVE-2024-4092: Slider Revolution <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...

Published
Apr 30, 2024
Patched Release
6.7.8
Affected Versions
Versions up to 6.7.7
Next Step
Update to 6.7.8 or newer if supported.
Open CVE-2024-4092 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2306
CVE-2024-2306: Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting

The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scrip...

Published
Apr 08, 2024
Patched Release
6.7.0
Affected Versions
Versions up to 6.6.20
Next Step
Update to 6.7.0 or newer if supported.
Open CVE-2024-2306 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-6528
CVE-2023-6528: Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection

The Slider Revolution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 6.6.19 (exclusive) via deserialization of untrusted input when importing a new slider. This makes it possible for authenticated attackers, with author-level access and above, to...

Published
Nov 30, 2023
Patched Release
6.6.19
Affected Versions
Versions before 6.6.19
Next Step
Update to 6.6.19 or newer if supported.
Open CVE-2023-6528 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-47772
CVE-2023-47772: Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

Published
Nov 14, 2023
Patched Release
6.6.15
Affected Versions
Versions up to 6.6.14
Next Step
Update to 6.6.15 or newer if supported.
Open CVE-2023-47772 Report Open CVE Reference