CVE-2024-8107

Name of the Vulnerable Software and Affected Versions: Slider Revolution plugin for WordPress versions up to, and including, 6.7.18

Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.

Recommendations: For versions up to, and including, 6.7.18, update to a version later than 6.7.18 to resolve the issue. As a temporary workaround, consider restricting access to the SVG file upload feature to minimize the risk of exploitation. Additionally, restrict the ability to use and configure Slider Revolution to only trusted administrators.