Themepunch Slider Revolution — known CVE vulnerabilities
Every CVE whose affected-product data names Themepunch Slider Revolution, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2023-2359 — CVSS 8.8 (high): The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload…
CVE-2023-6528 — CVSS 8.8 (high): The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary…
CVE-2023-47784 — CVSS 8.4 (high): Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution…
CVE-2014-9735 — CVSS 7.5 (high): The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does…
CVE-2024-34444 — CVSS 7.1 (high): Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0.
CVE-2024-8107 — CVSS 6.4 (medium): The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and…
CVE-2024-4581 — CVSS 6.4 (medium): The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions…
CVE-2024-4637 — CVSS 6.4 (medium): The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to…
CVE-2024-4092 — CVSS 6.4 (medium): The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up…
CVE-2024-34443 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider…
CVE-2024-37449 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider…
CVE-2014-9734 — CVSS 5.0 (medium): Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read…
CVE-2015-5151 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject…