Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
CVE-2026-9048: Slider Revolution plugin for WordPress exposes sensitive data
CVE-2026-9048
Summary
The Slider Revolution plugin for WordPress, used in versions 7.0.0 to 7.0.14, allows attackers with Contributor-level access to access sensitive information like social media passwords and API keys. This is a serious issue because it could lead to unauthorized access to your social media accounts and other connected services. Update the plugin to the latest version to fix this problem.
Original title
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticate...
Original description
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social media API credentials: the Instagram OAuth token, Flickr API key, YouTube Data API key, and Facebook App ID, stored in any configured slider's settings.
nvd CVSS3.1
4.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026