PT-2026-42137 · WordPress · Slider Revolution
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Slider Revolution versions prior to 7.1.0
Description
The Slider Revolution plugin for WordPress allows unauthenticated attackers to extract sensitive data, including published password-protected post, page, and product content. This occurs through the 'sliders/stream' endpoint via the
get stream data() function.Recommendations
Update to a version later than 7.0.9.
As a temporary workaround, restrict access to the
get stream data() function.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Slider Revolution