CVE-2023-6528: Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE
First published: Mon Jan 08 2024(Updated: )
The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Slider Revolution | <6.6.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-6528?
CVE-2023-6528 is classified as a critical vulnerability due to its potential for Remote Code Execution.
Who is affected by CVE-2023-6528?
CVE-2023-6528 impacts installations of the Slider Revolution plugin for WordPress prior to version 6.6.19.
How do I fix CVE-2023-6528?
To mitigate CVE-2023-6528, update the Slider Revolution plugin to version 6.6.19 or later.
What kind of impact can CVE-2023-6528 have?
CVE-2023-6528 can allow malicious users with Author roles to unserialize arbitrary content, potentially leading to Remote Code Execution.
What role must a user have to exploit CVE-2023-6528?
Users with at least the Author role can exploit CVE-2023-6528 by unserializing arbitrary content during the slider import process.
- agent/type
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/themepunch
- canonical/slider revolution