“'revslider')); exit; } } } the action ultimately invokes the _check_file_path() function in the revslideraddons class, which builds the destination path for a remote file using attacker-supplied input. public function _check_file_path($image, $url = false,…”
T1190 Exploit Public-Facing Application
85%
“may 20, 2026 – wordfence free users will receive the same protection. conclusion in this blog post, we detailed an arbitrary file upload vulnerability within the slider revolution plugin affecting versions 7.0.0 through 7.0.10. this vulnerability allows authenticated threat a…”
T1105 Ingress Tool Transfer
79%
“, $file, 'updates'); return (file_exists($file)) ? $base_url . $image : $image; } unfortunately, the function does not validate the file extension. the download_url() function in the revsliderloadbalancer class fetches the file from the supplied url and write…”
T1190 Exploit Public-Facing Application
62%
“_media_url 8.8 cvss rating 8.8 (high) cve-id cve-2026-6692 affected version(s) 7.0.0 - 7.0.10 patched version 7.0.11 bounty $4,914.00 affected software slider revolution [revslider] researcher h0xilo the slider revolution plugin for wordpress is vulnera…”
T1190 Exploit Public-Facing Application
60%
“authenticated arbitrary file upload vulnerability patched in slider revolution 7 wordpress plugin on april 18th, 2026, we received a submission for an authenticated arbitrary file upload vulnerability in slider revolution, a wordpress plugin. although the plugin has more than 5,…”
T1190 Exploit Public-Facing Application
46%
“secure, as this vulnerability poses a significant risk. the post authenticated arbitrary file upload vulnerability patched in slider revolution 7 wordpress plugin appeared first on wordfence.”
Summary
On April 18th, 2026, we received a submission for an Authenticated Arbitrary File Upload vulnerability in Slider Revolution, a WordPress plugin. Although the plugin has more than 5,000,000 active installations, we estimate that only around 45,000 sites are using a vulnerable version, as the issue was introduced in the 7.0 major release. This vulnerability makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files to a vulnerable site and achieve remote code execution.