CVE-2023-2359
Revolution Slider <= 6.6.12 - Author+ Remote Code ExecutionThe Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.
We have discovered 820,866 live websites that are affected by CVE-2023-2359.
Affected Software
| Product |  Revslider |
| Category | UI Frameworks |
| Vulnerable Domains | 820,866 live websites (60% of Revslider install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 319 versions ( 83% of all versions) |
Common Weakness Enumeration
CWE-94 Improper Control of Generation of Code ('Code Injection')Details
- Published - Jun 19, 2023
- Updated - Dec 12, 2024
Credits
- Marco Frison (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-2359 United States | 194,853 websites |
 Germany | 82,499 websites |
 Italy | 58,005 websites |
 France | 49,414 websites |
 GB | 36,086 websites |
 Spain | 31,117 websites |
 Turkey | 22,956 websites |
 Netherlands | 22,615 websites |
 Poland | 21,846 websites |
 Brazil | 20,415 websites |
Website Distribution by TLD
Number of websites using CVE-2023-2359| .com | 336,279 websites |
| .de | 43,977 websites |
| .it | 40,847 websites |
| .org | 27,546 websites |
| .co.uk | 21,244 websites |
| .nl | 19,701 websites |
| .com.br | 19,577 websites |
| .fr | 19,353 websites |
| .pl | 16,368 websites |
| .net | 15,273 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2359
Top websites that are affected by CVE-2023-2359. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | France | *,*** | |
| ***********.eu |  Cyprus | *,*** | |
| ************.com |  Singapore | *,*** | |
| ******************.org | United States | *,*** | |
| ************.ie | United States | *,*** | |
| **********.org | United States | *,*** | |
| ************.net | United States | *,*** | |
| ********************.com | Cyprus | *,*** | |
| ******************.cat | Spain | *,*** | |
| *****************.com | United States | *,*** |
FAQ
CVE-2023-2359 is Improper Control of Generation of Code ('Code Injection') in Revslider
A total of 820,866 websites have been identified as vulnerable to CVE-2023-2359, based on global website indexing conducted by WebTechSurvey.
The Revslider is affected by the CVE-2023-2359 vulnerability.
Revslider versions up to and including 6.6.12 are vulnerable to CVE-2023-2359.