Slider Revolution
cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:wordpress:*:*
- >= 7.0.0, <= 7.0.10
The Slider Revolution plugin for WordPress contains an arbitrary file upload vulnerability affecting versions 7.0.0 to 7.0.10. The issue arises from inadequate file type validation in the '_get_media_url' and '_check_file_path' functions. It enables authenticated attackers with subscriber-level access and above to upload potentially executable files, leading to remote code execution. The vulnerability was partially addressed in version 7.0.10 and fully resolved in version 7.0.11.
Exploitation allows arbitrary file upload. Uploaded files can potentially be executed on the server, leading to remote code execution.
Users are advised to update the Slider Revolution WordPress plugin to version 7.0.11 or a newer patched version.