PT-2025-41371 · WordPress · Slider Revolution
Matthew Rollings
·
Published
2025-10-09
·
Updated
2025-10-09
·
CVE-2025-10249
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Slider Revolution plugin for WordPress versions prior to 6.7.38
Description
The Slider Revolution plugin for WordPress is susceptible to unauthorized access and modification of data because of a missing capability check on several functions. This allows authenticated attackers with Contributor-level access or higher to perform actions such as installing and activating plugin add-ons, creating sliders, and downloading arbitrary files.
Recommendations
Update to version 6.7.38 or later.
Fix
Relative Path Traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Slider Revolution