CVE-2026-6728
Description
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, and product content.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated attackers can extract password-protected content from WordPress sites running Slider Revolution ≤ 7.0.9 via the `get_stream_data()` function.
Vulnerability
The Slider Revolution plugin for WordPress versions up to and including 7.0.9 contains a sensitive information exposure vulnerability in the get_stream_data() function [1]. This function does not properly check user permissions before returning data, allowing unauthenticated attackers to retrieve published password-protected post, page, and product content.
Exploitation
An attacker can exploit this vulnerability without any authentication by sending crafted requests that trigger the get_stream_data() function [1]. No special network position or user interaction is required; the attacker only needs to be able to send HTTP requests to the WordPress site.
Impact
Successful exploitation allows an unauthenticated attacker to extract sensitive data, including the full content of published posts, pages, and products that are protected with a password [1]. This information disclosure undermines the intended access controls of the WordPress site.
Mitigation
The vulnerability is patched in version 7.0.14, which is compatible with WordPress 6.9 [1]. Users should update Slider Revolution to the latest available version. No workaround is documented in the provided references.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
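An added example (not code from the plugin, the vendor or this entry's references) that triages an installed copy against the two version bounds stated above by reading the standard WordPress `Version:` plugin header. The function names and the sample header are constructed for illustration; releases between 7.0.9 and 7.0.14 are reported as undetermined because this page does not state their status.

```python
import re

# Bounds taken from the advisory text on this page.
LAST_AFFECTED = (7, 0, 9)    # "up to, and including, 7.0.9"
FIRST_PATCHED = (7, 0, 14)   # "patched in version 7.0.14"

# Constructed sample header; the plugin's real main file is not named on this page.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Slider Revolution
Version: 7.0.9
*/
"""

# WordPress reads plugin headers from the first 8 KB of the main plugin file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.M | re.I)


def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = HEADER_RE.search(header_text[:8192])
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Drop trailing zeros so that 7.0.9.0 compares equal to 7.0.9.
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def classify(version):
    """Map a parsed version onto the ranges this advisory states."""
    if version is None:
        return "unknown"          # no readable Version header
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_PATCHED:
        return "patched"
    return "undetermined"         # 7.0.10 to 7.0.13: not covered by this page


def triage(header_text):
    return classify(parse_version(header_text))


if __name__ == "__main__":
    print(triage(SAMPLE_HEADER))
```
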
Affected products
- Range: <=7.0.9
- Range: <=7.0.9
Patches
No patches discovered yet.
References