High severity8.8NVD Advisory· Published May 7, 2026· Updated May 7, 2026

CVE-2026-6692

Description

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.sliderrevolution.comnvd
www.wordfence.com/threat-intel/vulnerabilities/id/a2e802a6-d2f1-47cc-883a-89110e569168nvd

News mentions

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)
Wordfence Blog · May 14, 2026
Authenticated Arbitrary File Upload Vulnerability Patched in Slider Revolution 7 WordPress Plugin
Wordfence Blog · May 6, 2026

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000