CVE-2023-6528

Published: Jan 8, 2024Modified: Jun 3, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

Affected (1)

Products: Themepunch: Slider Revolution

Themepunch

1 product

Slider Revolution

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Themepunch Slider Revolution	Before 6.6.19

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.