
Revolution Slider Plugin Remote Code Execution (CVE-2023-2359)

Advisory No: TZCERT/SA/2024/02/15

Date of First Release: 15th February 2024

Source: WPScan

Software Affected: Revolution Slider Plugin version <= 6.6.12

Overview:

The vulnerability exists in Revolution Slider plugin versions <= 6.6.12. Successful exploitation of this vulnerability could allow a remote attacker to execute code on the affected system.

Description:

The vulnerability (CVE-2023-2359, CVSS score: 6.6) exists because the plugin does not check the validity of uploaded image files. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow Editor and Author users to use the functionality as well.

Impact:

Successful exploitation of this vulnerability may allow an attacker to execute code remotely on an affected system.

Solution:

Security updates have been released to resolve this vulnerability. Users and administrators are encouraged to apply the necessary updates.
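One way to check an installation against the affected range stated above (an added example, not part of the advisory or the plugin's own code). It assumes the standard WordPress plugin header with a `Version:` line; the function names and the sample header are constructed for illustration.

```python
import re

# Highest affected release according to this advisory (<= 6.6.12).
LAST_AFFECTED = (6, 6, 12)

# WordPress plugins declare their release in a "Version:" line of the
# header comment at the top of the main plugin file.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_plugin_version(header_text):
    """Return the version as a tuple of ints, or None if it cannot be read."""
    match = _VERSION_RE.search(header_text[:8192])  # WordPress reads only the first 8 KB
    if not match:
        return None
    parts = []
    for piece in match.group(1).split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break  # stop at the first non-numeric component
        parts.append(int(digits.group()))  # "0-beta" counts as 0
    return tuple(parts) or None


def is_affected(version):
    """True if version <= 6.6.12; unreadable versions are treated as affected."""
    if version is None:
        return True  # fail closed: flag the site for manual review
    # Pad both sides with zeros so (6, 6) compares as 6.6.0.
    width = max(len(version), len(LAST_AFFECTED))
    padded = version + (0,) * (width - len(version))
    limit = LAST_AFFECTED + (0,) * (width - len(LAST_AFFECTED))
    return padded <= limit


def audit(header_text):
    """Summarise one plugin file: parsed version and whether it needs the update."""
    version = parse_plugin_version(header_text)
    return {"version": version, "affected": is_affected(version)}


# Constructed sample header, not copied from the real plugin.
SAMPLE_HEADER = "<?php\n/*\n * Plugin Name: Example Slider\n * Version: 6.6.12\n */\n"

if __name__ == "__main__":
    print(audit(SAMPLE_HEADER))
```

Pass the text of the plugin's main PHP file to `audit()`; a result with `affected` set to true means the update in this advisory still needs to be applied or the version could not be determined.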

References:

  1. https://wpscan.com/vulnerability/a8350890-e6d4-4b04-a158-2b0ee3748e65/
