Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
CVE-2026-9050: Slider Revolution plugin for WordPress allows unauthorized plugin deactivation
CVE-2026-9050
Summary
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 allows an attacker with a Contributor-level account or above to deactivate any active plugin on the site. This could disrupt the normal functioning of the site. Update the plugin to the latest version to fix this issue.
Original title
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user...
Original description
The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to deactivate any active plugin installed on the site.
nvd CVSS3.1
4.3
Vulnerability type
CWE-862
Missing Authorization
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026