CVE-2024-34444

HIGH EXPLOITED

ThemePunch OHG Slider Revolution <6.7.0 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2024-34444 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including dzmind2312.

AI-analyzed exploit summary: This repository contains a Python-based scanner for detecting CVE-2024-34444, a Missing Authorization vulnerability in Slider Revolution WordPress plugin versions < 6.7.0. It automates nonce extraction and checks for vulnerable REST API endpoints but does not include exploit code for unauthorized modifications.

Description

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before 6.7.0.

Exploits (1)

nomisec SCANNER
by dzmind2312 · poc
https://github.com/dzmind2312/CVE-2024-34444-Exploit-Poc


Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Slider Revolution WordPress plugin < 6.7.0
No auth needed
Prerequisites: Access to the target's `/wp-json/revslider/v1/slider/save` endpoint · Presence of `revslider_actions` nonce in frontend JS
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.1
EPSS 0.0033
EPSS Percentile 24.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-05-28
CWE CWE-862
Status published
Products (2)
themepunch/slider_revolution < 6.7.0
ThemePunch OHG/Slider Revolution < 6.7.0
Published Jun 19, 2024
Tracked Since Feb 18, 2026