Hi There,
It looks like this plugin has another vulnerability. Will you be updating it soon as I have a few websites that are using this and I don’t want to leave them vulnerable.
Thanks
Hi Chris,
Thanks for reaching out.
We have already tested the supported version of the said plugin and didn’t find any issue with the latest version of Theme. Can you please add the vulnerability reports so we can check and investigate it further?
Thanks
Here you go:
WordPress Slider Revolution plugin <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter vulnerability
Powered by Patchstack
6.5
Medium SeverityCVSS 3.1 score
Not Known to be ExploitedReport an attack
Solution
Update the Slider Revolution plugin to the latest available version (at least 6.7.8).
If no update is available, you should deactivate the plugin. Muting the issue will exclude it from future scans. Only mute the issue after you’ve confirmed the vulnerability does not affect your site.
Mute Issue
Status
The plugin was inactive when scanned on May 1, 2024 at 4:06 pm.
Details
Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter vulnerability discovered by wesley (wcraft) in WordPress Plugin Slider Revolution (versions <= 6.7.7)
Here is the link to Patchstack:
Hello @Petrie,
We are currently supporting Slider Revolution 6.7.4. We have already reported to prioritise the slider update to our development team. Our development team is still testing the latest version of the plugin with the latest theme and builder compatibility so I would request you, to please stay tuned for succeeding updates.
Thanks for understanding
Hey There,
Version 6.7.9. is available via automatic updates. All the best!
Thank you for taking care of this so quickly.
Hi Chris,
You are most welcome.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.