CVE-2023-6528

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb	Exploit Third Party Advisory
https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-01-08 19:15

Updated : 2025-06-03 15:15

NVD link : CVE-2023-6528

Mitre link : CVE-2023-6528

CVE.ORG link : CVE-2023-6528

JSON object : View

Products Affected

themepunch

slider_revolution

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-6528", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-08T19:15:10.273", "references": [{"url": "https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution."}, {"lang": "es", "value": "El complemento Slider Revolution de WordPress anterior a 6.6.19 no impide que los usuarios con al menos el rol de Autor deserialicen contenido arbitrario al importar controles deslizantes, lo que podr\u00eda provocar una ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-06-03T15:15:51.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2B541D44-9905-4798-9926-9ED3F69506AF", "versionEndExcluding": "6.6.19"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}