CVE-2026-6692 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 7, 2026
Slider Revolution WordPress - Unrestricted File Upload
Published: May 7, 2026Updated: May 7, 2026Remote Exploitable
Overview
Slider Revolution WordPress plugin 7.0.0 to 7.0.10 contains an unrestricted file upload vulnerability caused by insufficient file type validation in '_get_media_url' and '_check_file_path' functions, letting authenticated attackers upload executable files and achieve remote code execution, exploit requires subscriber-level access or higher.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated attackers can upload executable files, leading to remote code execution and full server compromise.
Mitigation
Update to version 7.0.11 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-6692
- Severity
- High
- CVSS Score
- 8.8
- Type
- unrestricted_file_upload
- Status
- new
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H