On April 18th, 2026, we received a submission for an Authenticated Arbitrary File Upload vulnerability in Slider Revolution, a WordPress plugin. Although the plugin has more than 5,000,000 active installations, we estimate that only around 45,000 sites are using a vulnerable version, as the issue was introduced in the 7.0 major release. This vulnerability makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files to a vulnerable site and achieve remote code execution.
The post Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence
Read the original article: