Slider Revolution <= 7.0.9
-
Hi,
We’re experiencing critical warnings on a number of sites we manage, for the following: Slider Revolution <= 7.0.9 – Unauthenticated Sensitive Information Exposure via ‘sliders/stream’
This message should only apply to the SR7 version of the plugin, as according to the developers, SR6 installations do not have any known vulnerabilities. We can ignore the issue, but before we do, can you confirm if there are any issues on the SR6? We are running 6.7.55 across our network.
-
Hi,
I found this on the changelog:
6.7.54
April 17, 2026
Bugfixes
Lost parent ID (WPML references) during the save and migrating processes
Unauthenticated Sensitive Information Exposure via ‘sliders/stream’
here: https://www.sliderrevolution.com/changelog/?query-13-page=2&cst
-
Hi Cédric,
Thanks for the clarification.
Sorry if my original post wasn’t clear. The affected sites are running Slider Revolution 6.7.55 (SR6), not SR7.
Wordfence is currently flagging the following vulnerability against those installations:
“Slider Revolution <= 7.0.9 – Unauthenticated Sensitive Information Exposure via sliders/stream”
However, based on the changelog you linked, it appears the underlying issue was already patched in the SR6 branch in version 6.7.54.
Can you confirm whether Wordfence may currently be matching this vulnerability against SR6 installations incorrectly, resulting in a false positive for sites running 6.7.54+?
Thanks again.
Hi @omnisity,
It seems that we had correctly acknowledged the split vulnerable/safe version numbers but they hadn’t been recycled in our cache yet so were picked up by your scan. We’ve now manually taken action and can see the expected results in our own scans.
Subsequent scheduled scans will clear it naturally but you can also manually run a full scan using the button on the Wordfence > Scan page if you like.
Many thanks,
Peter.