WordPress RevSlider Plugin < 4.2 Arbitrary File Download
Severity: High
Nessus Network Monitor Plugin ID: 8601
Synopsis
The remote WordPress server uses a third-party plugin that is prone to an arbitrary file download vulnerability.

Description
Slider Revolution, also known as RevSlider, is a paid plugin used by many WordPress websites. RevSlider often comes bundled with purchased WordPress themes, but it can also be bought individually and added on to your current theme.

Versions of RevSlider prior to 4.2 are at risk of leaking the contents of 'wp-config.php' through the 'img=' parameter of the file 'admin-ajax.php'. An attacker who can identify an outdated instance of this plugin can leverage this vulnerability to obtain the SQL database credentials stored in that file and compromise the WordPress site in question.

Solution
Upgrade to RevSlider 4.6.5. If 4.6.5 cannot be obtained, version 4.2.0 or later has been patched for this vulnerability.
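The following is an added example written for this page; it is not the Nessus plugin's own logic and not code from Tenable or from the RevSlider project. It shows two defender-side checks that follow directly from the advisory text: scanning web-server access logs for requests to 'admin-ajax.php' whose 'img=' parameter reaches for 'wp-config.php' (including URL-encoded or traversal forms), and classifying an installed RevSlider version against the 4.2.0 (fixed) and 4.6.5 (recommended) thresholds the advisory names. The log lines, IP addresses and timestamps are constructed for the example; the function names and the combined-log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache combined-style) for this example.
# Two lines model the advisory's pattern (img= parameter pointing at wp-config.php,
# plain and URL-encoded); two are ordinary traffic that must not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2015:10:12:01 +0000] "GET /wp-admin/admin-ajax.php?img=../wp-config.php HTTP/1.1" 200 2741
203.0.113.5 - - [10/Jan/2015:10:12:09 +0000] "GET /wp-admin/admin-ajax.php?img=..%2Fwp-config.php HTTP/1.1" 200 2741
198.51.100.7 - - [10/Jan/2015:10:13:44 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52
198.51.100.7 - - [10/Jan/2015:10:14:02 +0000] "GET /wp-content/uploads/2015/01/banner.jpg HTTP/1.1" 200 81233
"""

# Pulls method and request target out of the quoted request field of a log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_revslider_config_read(target: str) -> bool:
    """True when the request targets admin-ajax.php with an img parameter that
    names wp-config.php or contains '..' traversal, the pattern the advisory
    describes. Double-decoding catches percent-encoded and double-encoded forms."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin-ajax.php"):
        return False
    query = parse_qs(parts.query, keep_blank_values=True)  # parse_qs decodes once
    for value in query.get("img", []):
        decoded = unquote(unquote(value)).replace("\\", "/")
        if "wp-config.php" in decoded or ".." in decoded:
            return True
    return False


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (client_ip, request_target) for every suspicious request line."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-request line; skip rather than crash
        if is_revslider_config_read(match.group("target")):
            hits.append((line.split()[0], match.group("target")))
    return hits


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '4.6.5' into (4, 6, 5) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def assess_version(version: str) -> str:
    """Classify an installed RevSlider version against the advisory's thresholds:
    below 4.2.0 is vulnerable, 4.2.0 up to 4.6.5 is fixed but not at the
    recommended release, 4.6.5 and later is the recommended state."""
    installed = parse_version(version)
    if installed < parse_version("4.2.0"):
        return "vulnerable: upgrade to 4.6.5 (4.2.0 or later contains the fix)"
    if installed < parse_version("4.6.5"):
        return "patched for this issue, but below the recommended 4.6.5"
    return "at or above recommended 4.6.5"


if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"suspicious request from {ip}: {target}")
    for ver in ("4.1.4", "4.2.0", "4.6.5"):
        print(ver, "->", assess_version(ver))
```

Running the script flags the two constructed requests from 203.0.113.5 and leaves the heartbeat and image requests alone. The version check reads the plugin version from wherever you keep it (the plugin header, a CMDB entry, a scanner export) and reports the same three states the advisory distinguishes.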