CVE-2025-9217: 
WordPress vulnerability analysis and mitigation

The Slider Revolution plugin for WordPress contains a Path Traversal vulnerability (CVE-2025-9217) discovered on August 29, 2025. This vulnerability affects all versions up to and including 6.7.36. The plugin is a popular WordPress slider tool used for creating responsive slideshows, carousels, and hero sections (NVD).

The vulnerability exists in the handling of 'usedsvg' and 'usedimages' parameters, allowing path traversal attacks. It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

The vulnerability allows authenticated attackers with Contributor-level access or higher to read the contents of arbitrary files on the server. This could lead to unauthorized access to sensitive information stored on the server (NVD).

The vulnerability has been patched in version 6.7.37, released on August 28, 2025. Users are advised to update to this version immediately. The update includes security hardening measures specifically addressing the SVG & image path traversal in exported ZIP files (Slider Changelog).