A new security vulnerability has been discovered in Slider Revolution, one of the most popular WordPress plugins with over 4 million active installations. The flaw allows attackers with contributor-level access or higher to read sensitive files stored on the server.
The issue is classified as an Arbitrary File Read vulnerability and affects all versions of Slider Revolution up to and including 6.7.36. The problem lies in how the plugin handles image and SVG files when exporting sliders. Because neither the type nor the location of the referenced files is checked, an attacker can point the export at critical files such as wp-config.php, which holds the database credentials and the site's authentication keys and salts.
The vulnerability was discovered by a researcher known as “stealthcopter”, who responsibly reported it through the Wordfence Bug Bounty Program on August 11, 2025. The report was validated by the Wordfence team, and the plugin developer ThemePunch was notified immediately. For the discovery, the researcher received a $656 bounty reward from Wordfence.
ThemePunch responded quickly and released a patch on August 28, 2025, fixing the issue in version 6.7.37. Wordfence has confirmed that all users of its firewall, both free and premium, are protected from this exploit.
The vulnerability existed in the functions add_svg_to_zip() and add_images_videos_to_zip() of the RevSliderSliderExport class, which copy the media files referenced by a slider into the export archive. Because the functions did not verify the type of those files or that they came from an expected location, a user with Contributor permissions could craft a slider export that pulled in arbitrary files readable by the web server process. This could expose configuration data, authentication tokens, or other private files on the system.
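To make the bug class concrete, here is an added illustration in PHP; it is not ThemePunch's code and does not reproduce the plugin's actual functions. A hypothetical export helper copies a media file named in slider data into a ZIP, first in the unchecked form and then with the type and source checks that were missing. Function names, the temporary directory layout and the extension allowlist are assumptions; the script needs only PHP with the zip extension. Inside WordPress the base directory would be wp_upload_dir()['basedir'].

```php
<?php
// Added illustration, not ThemePunch's code. Names are hypothetical.
// Scenario: slider settings (editable by a Contributor) name a media file,
// and the export routine copies that file into the downloadable ZIP.

// Vulnerable pattern: the path from slider data is used as-is, so any file
// the web server can read ends up in the archive (e.g. ../../wp-config.php).
function add_media_to_zip_vulnerable(ZipArchive $zip, string $src): bool
{
    return $zip->addFile($src, 'images/' . basename($src));
}

// Hardened pattern: confine the source to one directory and to media types.
function resolve_media_path(string $src, string $base_dir, array $allowed_ext): ?string
{
    // Only local files are expected; refuse URLs and PHP stream wrappers.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $src)) {
        return null;
    }
    // Canonicalise both sides so "..", symlinks and odd separators cannot
    // escape the base directory. realpath() returns false for missing paths.
    $real_base = realpath($base_dir);
    $real_src  = realpath($src);
    if ($real_base === false || $real_src === false || !is_file($real_src)) {
        return null;
    }
    $real_base = rtrim($real_base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real_src, $real_base, strlen($real_base)) !== 0) {
        return null; // resolved path lies outside the uploads tree
    }
    // Type check by extension allowlist (a .php, .ini or .env file is never media).
    $ext = strtolower(pathinfo($real_src, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_ext, true)) {
        return null;
    }
    return $real_src;
}

function add_media_to_zip_hardened(ZipArchive $zip, string $src, string $base_dir): bool
{
    // Assumed allowlist; a real plugin would derive it from its supported media.
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'svg', 'mp4', 'webm'];
    $path = resolve_media_path($src, $base_dir, $allowed);
    if ($path === null) {
        return false; // skip (or log); never fall back to the raw path
    }
    return $zip->addFile($path, 'images/' . basename($path));
}

// Stand-alone demonstration on a constructed temp layout (no WordPress needed).
$root = sys_get_temp_dir() . '/revexport_demo_' . getmypid();
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/hero.png", 'constructed png bytes');
file_put_contents("$root/wp-config.php", "<?php define('DB_PASSWORD', 'constructed-secret');");

$zip = new ZipArchive();
$zip->open("$root/export.zip", ZipArchive::CREATE);

$traversal = "$root/uploads/../wp-config.php";
// Unchecked helper: the traversal path is accepted and wp-config.php is archived.
var_dump(add_media_to_zip_vulnerable($zip, $traversal));
// Hardened helper: the same path resolves outside $base_dir and is refused.
var_dump(add_media_to_zip_hardened($zip, $traversal, "$root/uploads"));
// Hardened helper: a genuine media file inside the uploads tree is accepted.
var_dump(add_media_to_zip_hardened($zip, "$root/uploads/hero.png", "$root/uploads"));

$zip->close();
```

The order of the checks matters: canonicalise with realpath() before comparing against the base directory, otherwise a "../" segment or a symlink inside the uploads tree can still reach outside it, and apply the extension allowlist to the resolved path rather than to the attacker-supplied string.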
The issue has been assigned the identifier CVE-2025-9217 with a CVSS score of 6.5 (Medium severity).
WordPress site owners using Slider Revolution are strongly advised to update to version 6.7.37 or later as soon as possible. Updating the plugin will patch the vulnerability and prevent potential data exposure.
Users running the Wordfence security plugin are already protected, but it is still important to apply the official update to eliminate the underlying flaw.