CVE-2026-57678
HighCVSS 7.1Summary
The Slider Revolution plugin versions 7.0.0 through 7.0.16 contain a reflected Cross-site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. An attacker can inject a malicious script into an HTTP request that will be executed in the victim's browser.
Risk Assessment
The risk includes potential session hijacking, redirection to malicious sites, or other actions performed within the victim's session context, which could lead to data confidentiality and system integrity breaches.
Recommendation
It is recommended to immediately update the Slider Revolution plugin to a version later than 7.0.16 that includes the fix. Additionally, consider deploying Web Application Firewalls (WAF) to block common XSS attack patterns.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16.

