CVE-2023-6528

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

T

he Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

References

Link	Resource
https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb	Exploit Third Party Advisory
https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb - Exploit, Third Party Advisory

Information

Published : 2024-01-08 19:15

Updated : 2025-06-03 15:15

NVD link : CVE-2023-6528

Mitre link : CVE-2023-6528

CVE.ORG link : CVE-2023-6528

JSON object : View

Products Affected

slider_revolution

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-6528", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-08T19:15:10.273", "references": [{"url": "https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution."}, {"lang": "es", "value": "El complemento Slider Revolution de WordPress anterior a 6.6.19 no impide que los usuarios con al menos el rol de Autor deserialicen contenido arbitrario al importar controles deslizantes, lo que podr\u00eda provocar una ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2025-06-03T15:15:51.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2B541D44-9905-4798-9926-9ED3F69506AF", "versionEndExcluding": "6.6.19"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}