Massive WordPress Security Flaw: Slider Revolution’s Unwanted Exposure!
A major security flaw in the Slider Revolution plugin could let users with contributor-level access read sensitive files on WordPress sites. This Arbitrary File Read issue impacts all versions up to 6.7.36. Update to version 6.7.37 ASAP or you might find your database credentials in the wrong hands!

Hot Take:
Looks like Slider Revolution’s security just took a wild ride down the vulnerability slide! Who knew that a plugin meant to make your site look slick could open the door to secret peeking? Talk about a plot twist. Let’s just hope that no one’s wp-config.php file was caught in the crossfire, spilling cryptographic secrets like a bad magician’s trick gone wrong. At least ThemePunch punched back with a quick patch!

Key Points:
- Vulnerability CVE-2025-9217 impacts millions of WordPress sites using Slider Revolution.
- Flaw allows contributor-level users to access sensitive server files.
- Issue arises from inadequate validation of “used_svg” and “used_images” parameters.
- A patch was released quickly, with security experts recommending immediate updates.
- Researcher “stealthcopter” received a $656 bounty for the responsible disclosure.
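
The "inadequate validation" in the key points comes down to reading a file named by a request parameter without first confining it. The PHP below is an added example, not Slider Revolution's code or ThemePunch's patch; it assumes “used_svg” and “used_images” carry file paths, and the function name, base directory and extension allowlist are hypothetical.

```php
<?php
// Added illustration, not Slider Revolution code. Function name, base
// directory and extension list are assumptions made for this example.

/**
 * Return only those caller-supplied paths that resolve to an existing
 * image/SVG file inside $baseDir. Anything else is dropped.
 */
function filter_media_paths(array $requested, string $baseDir,
    array $allowedExt = ['svg', 'png', 'jpg', 'jpeg', 'gif', 'webp']): array
{
    $base = realpath($baseDir);
    if ($base === false) {
        return [];                       // base directory missing: fail closed
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $safe = [];
    foreach ($requested as $path) {
        // Reject non-strings, NUL bytes and stream wrappers (php://, phar://, ...)
        if (!is_string($path) || $path === '' || strpos($path, "\0") !== false
            || strpos($path, '://') !== false) {
            continue;
        }
        // Resolve relative to the base; realpath() collapses ../ and symlinks
        $real = realpath($base . ltrim($path, '/\\'));
        if ($real === false || !is_file($real)) {
            continue;
        }
        // Containment check on the resolved path, not on the raw input
        if (strncmp($real, $base, strlen($base)) !== 0) {
            continue;
        }
        $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowedExt, true)) {
            continue;                    // a .php file such as wp-config.php never qualifies
        }
        $safe[] = $real;
    }
    return $safe;
}

// Constructed demo: a temp "uploads" tree with a config file beside it
$root = sys_get_temp_dir() . '/media_demo_' . uniqid();
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/logo.svg", '<svg/>');
file_put_contents("$root/wp-config.php", '<?php // constructed secret');
$input = ['logo.svg', '../wp-config.php', '/etc/passwd', 'php://filter/resource=x'];
print_r(filter_media_paths($input, "$root/uploads"));
```

The containment test runs on the resolved path, so traversal sequences and symlinks are judged by where they actually land.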
