CVE-2023-47784: 
WordPress vulnerability analysis and mitigation

The Slider Revolution WordPress plugin, developed by ThemePunch OHG, contains an Unrestricted Upload of File with Dangerous Type vulnerability (CVE-2023-47784). This security issue affects all versions of Slider Revolution up to and including version 6.6.15. The vulnerability was discovered by Rafie Muhammad and was publicly disclosed on November 14, 2023 (Wordfence, WPScan).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). It has received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Patchstack assigned a slightly lower score of 8.4 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H (NVD).

The vulnerability allows attackers with author-level access or higher to upload arbitrary files to the affected site's server, potentially enabling remote code execution. This could lead to complete compromise of the affected system, with high impacts on confidentiality, integrity, and availability (WPScan, Patchstack).

The vulnerability has been fixed in version 6.6.16 of the Slider Revolution plugin. Site administrators are strongly advised to update to this version or later to address the security issue. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).