CVE-2026-9048 in Slider Revolution PluginИнформация

Сводка

по MITRE • 02.06.2026

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social media API credentials: the Instagram OAuth token, Flickr API key, YouTube Data API key, and Facebook App ID, stored in any configured slider's settings.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

Wordfence

Резервировать

19.05.2026

Раскрытие

02.06.2026

Модерация

принято

Вход

VDB-367787

CPE

готов

CWE

CWE-863 (Подтверждённый)

CVSS

4.3 (CNA)

EPSS

0.00025

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9048
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9048
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9048/

◂ Предыдущий Обзор Далее ▸

Do you know our Splunk app?

Download it now for free!