
Slider Revolution arbitrary file read security flaw (CVE-2025-9217)

Type: Vulnerability · 1 unique source, 1 article

Summary


CVE-2025-9217 in Slider Revolution exposes all versions up to 6.7.36 to an arbitrary file read flaw that can leak sensitive server data from affected WordPress sites. The issue lets users with contributor-level permissions or higher read files such as wp-config.php, creating risk to database credentials and cryptographic keys. ThemePunch fixed the bug in 6.7.37 after disclosure in August 2025.

Timeline

  1. 15.10.2025 03:00 1 article · 7mo ago

    stealthcopter reports Slider Revolution arbitrary file read

    Initial Disclosure

    Independent researcher stealthcopter reported CVE-2025-9217 in the Slider Revolution WordPress plugin through the Wordfence Bug Bounty Program, identifying an arbitrary file read flaw that could expose sensitive server files on affected WordPress sites.

  2. 15.10.2025 03:00 1 article · 7mo ago

    Wordfence verifies CVE-2025-9217 and relays ThemePunch

    Technical Analysis Update

    Wordfence verified the Slider Revolution report and relayed the details to ThemePunch on August 19, 2025, confirming that contributor-level access on affected WordPress sites could expose sensitive server files, including wp-config.php.

  3. 15.10.2025 03:00 1 article · 7mo ago

    ThemePunch releases Slider Revolution 6.7.37

    Mitigation Patch Update

    ThemePunch released Slider Revolution 6.7.37 on August 28, 2025, patching the file-handling weakness present in versions up to 6.7.36 by adding stricter validation of the used_svg and used_images values, so that only permitted media files can be included in zip exports.

  4. 15.10.2025 03:00 2 articles · 7mo ago

    CVE-2025-9217 severity and remediation guidance published

    Technical Analysis Update

    CVE-2025-9217 in the Slider Revolution WordPress plugin was rated 6.5 (medium severity). It affected all versions up to 6.7.36, covering more than 4 million active installations, and could expose files such as wp-config.php on WordPress sites; updating to 6.7.37 was recommended.
