(wordfence.com) Critical Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution WordPress Plugin

orlysec@swecyb.com

(wordfence.com) Critical Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution WordPress Plugin

Critical RCE vulnerability (CVE pending) in Slider Revolution WordPress plugin (7.0.0–7.0.10) allows authenticated attackers with subscriber+ access to upload malicious files via flawed `library.load.image` AJAX action. Exploitation enables webshell deployment and full site compromise.

In brief - A severe authenticated arbitrary file upload flaw in Slider Revolution (5M+ installs) permits RCE. Patch to 7.0.11 immediately; WordFence users are protected via firewall rules.

Technically - The vulnerability stems from insufficient validation in `_check_file_path()` within `RevSliderAddons`, allowing attackers to bypass extension checks via `data[0][id]` parameter. The `download_url()` function in `RevSliderLoadBalancer` writes attacker-supplied files to public directories. Requires leaked nonce and subscriber access. Partial fix in 7.0.10; full remediation in 7.0.11.

Source: https://www.wordfence.com/blog/2026/05/authenticated-arbitrary-file-upload-vulnerability-patched-in-slider-revolution-7-wordpress-plugin/

#Cybersecurity #ThreatIntel