WordPress RevSlider Plugin < 4.2 Arbitrary File Download

critical Nessus Network Monitor Plugin ID 8601

Synopsis

The remote WordPress server utilizes a third-party plugin which is prone to an arbitrary file download vulnerability.

Description

Slider Revolution, also known as RevSlider, is a paid plugin used by many WordPress websites. RevSlider often comes bundled with purchased WordPress themes, but can also be bought individually and added to an existing theme.

Versions of RevSlider prior to 4.2 are at risk of leaking the contents of 'wp-config.php' through the 'img=' parameter in the file 'admin-ajax.php'. An attacker who is able to identify an outdated instance of this plugin can leverage this vulnerability to discover SQL database credentials and compromise the WordPress site in question.
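To check whether a site was already probed for this issue, the following added example (not part of the Tenable plugin) scans web server access logs for 'admin-ajax.php' requests whose 'img=' value points at 'wp-config.php', contains a traversal segment, or is not an image file. The log format, the sample lines and the image-extension heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (documentation IPs, made-up requests), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2015:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52
198.51.100.7 - - [12/Mar/2015:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?img=uploads/slide1.jpg HTTP/1.1" 200 48213
203.0.113.9 - - [12/Mar/2015:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?img=../wp-config.php HTTP/1.1" 200 3120
203.0.113.9 - - [12/Mar/2015:10:02:14 +0000] "GET /blog/wp-admin/admin-ajax.php?img=..%2Fwp-config.php HTTP/1.1" 403 0
"""

# client IP, method, request target, status code from a common/combined log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # assumed set of legitimate values

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so nested encodings are still matched."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(img):
    """Return a reason string if the img value looks abusive, else None."""
    v = decode_fully(img).replace("\\", "/").lower()
    if v.rsplit("/", 1)[-1] == "wp-config.php":
        return "wp-config.php requested"
    if ".." in v.split("/"):
        return "path traversal segment"
    if not v.endswith(IMAGE_EXT):
        return "non-image file requested"
    return None

def find_suspicious(log_text):
    """Yield (client_ip, img_value, status, reason) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/admin-ajax.php"):
            continue
        # Only the query string is visible here; POST bodies are not in access logs.
        for img in parse_qs(url.query, keep_blank_values=True).get("img", []):
            reason = classify(img)
            if reason:
                hits.append((ip, img, int(status), reason))
    return hits
```

A hit with status 200 on a vulnerable version should be treated as possible exposure of the database credentials in 'wp-config.php', so rotate them in addition to upgrading.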

Solution

Upgrade to RevSlider 4.6.5. If 4.6.5 cannot be obtained, version 4.2.0 or later has been patched for this vulnerability.

See Also

http://www.nessus.org/u?fe638842

http://www.nessus.org/u?ddfe1920

http://seclists.org/fulldisclosure/2014/Nov/78

http://marketblog.envato.com/news/plugin-vulnerability

Plugin Details

Severity: Critical

ID: 8601

Family: CGI

Published: 3/12/2015

Updated: 3/6/2019

Nessus ID: 80475

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2/15/2014

Vulnerability Publication Date: 7/28/2014

Reference Information

BID: 68942