CVE-2023-2359
Revolution Slider <= 6.6.12 - Author+ Remote Code ExecutionThe Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.
We have discovered 1,139,664 live websites that are affected by CVE-2023-2359.
Affected Software
| Product |  Revslider |
| Category | UI Frameworks |
| Vulnerable Domains | 1,139,664 live websites (68.68% of Revslider install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 439 versions ( 87.98% of all versions) |
Common Weakness Enumeration
CWE-94 Improper Control of Generation of Code ('Code Injection')Details
- Published - Jun 19, 2023
- Updated - Dec 12, 2024
Credits
- Marco Frison (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-2359 usage by Country
 United States | 357,766 websites |
 Germany | 138,112 websites |
 France | 78,924 websites |
 GB | 43,954 websites |
 Italy | 43,325 websites |
 Spain | 36,119 websites |
 Netherlands | 29,608 websites |
 Poland | 29,554 websites |
 Turkey | 27,467 websites |
 Russia | 25,103 websites |
CVE-2023-2359 usage by TLD
| .com | 478,094 websites |
| .de | 59,914 websites |
| .org | 38,935 websites |
| .it | 37,517 websites |
| .co.uk | 31,847 websites |
| .com.br | 28,333 websites |
| .nl | 27,798 websites |
| .fr | 26,999 websites |
| .pl | 23,449 websites |
| .com.au | 22,247 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2359
Top websites that are affected by CVE-2023-2359. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| ***********.eu | Germany | *,*** | |
| ************.com |  Singapore | *,*** | |
| ******************.org | United States | *,*** | |
| ****.int |  Canada | *,*** | |
| ************.ie | United States | *,*** | |
| **********.org | United States | *,*** | |
| ************.net | United States | *,*** | |
| ***********************.com | United States | *,*** | |
| ******************.cat | Spain | *,*** |
FAQ
CVE-2023-2359 is Improper Control of Generation of Code ('Code Injection') in Revslider
A total of 1,139,664 websites have been identified as vulnerable to CVE-2023-2359, discovered through global website indexing conducted by WebTechSurvey.
Revslider is susceptible to CVE-2023-2359 vulnerability.
Revslider versions before, and including, 6.6.12 are vulnerable to CVE-2023-2359.