CVE-2026-9050

Vulnerability

The Slider Revolution plugin for WordPress, specifically versions 6.0.0 through 6.7.55 and 7.0.0 through 7.0.14, contains a vulnerability that allows for unauthorized modification of data. This issue arises because the plugin fails to adequately verify user authorization for certain actions.

Exploitation

An attacker with at least Contributor-level access to a WordPress site can exploit this vulnerability. The attacker needs to be authenticated and then can perform an action that triggers the vulnerability, leading to the deactivation of any active plugin installed on the site.

Impact

Successful exploitation of this vulnerability allows an attacker to deactivate any plugin on the affected WordPress site. This could lead to a denial of service for the website or disrupt its intended functionality by disabling essential plugins.

Mitigation

There is no specific mitigation or patched version information available in the provided references. Users are advised to monitor the plugin's official channels for updates. The Slider Revolution plugin is a commercial product, and further details may be available on their official website [1].