Home / Forums / Zass WordPress Theme / ResolvedSlider Revolution security vulnerability

ResolvedSlider Revolution security vulnerability

Tagged: 

  • This topic has 1 reply, 2 voices, and was last updated 2 weeks ago by Alex.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • November 18, 2023 at 11:54 pm #38104
    aanrae
    Participant

    The current Zass plugin includes Slider Revolution 6.6.15.
    The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 6.6.15. This makes it possible for attackers with author-level access and higher to upload arbitrary files on the affected site’s server which may make remote code execution possible.

    CVE CVE-2023-47784
    CVSS 7.2 (High)

    Do you know when the plugin will be updated? The current version is 6.6.18.

    November 21, 2023 at 2:02 pm #38111
    Alex
    Keymaster

    Hello aanrae,

    There is new version released from yesterday (20th November 2023) with all bundled plugins updated.

    Regards,
    Alex

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in and have valid license to reply to this topic.

License required for the following item
Zass - WooCommerce Theme for Handmade Artists and Artisans
Login and Registration Log in · Register
ResolvedSlider?