High severity8.8NVD Advisory· Published May 7, 2026· Updated May 7, 2026
CVE-2026-6692
CVE-2026-6692
Description
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=7.0.10
Patches
Vulnerability mechanics
References
2News mentions
3- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 11, 2026 to May 17, 2026)Wordfence Blog · May 21, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)Wordfence Blog · May 14, 2026
- Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress PluginWordfence Blog · May 6, 2026