WordPress RevSlider Plugin < 4.2 Arbitrary File Download

High Nessus Network Monitor Plugin ID 8601

Synopsis

The remote WordPress server uses a third-party plugin that is prone to an arbitrary file download vulnerability.

Description

Slider Revolution, also known as RevSlider, is a paid plugin used by many WordPress websites. RevSlider often comes bundled with purchased WordPress themes, but it can also be bought individually and added to an existing theme.

Versions of RevSlider prior to 4.2 are at risk of leaking the contents of 'wp-config.php' through the 'img=' parameter in the file 'admin-ajax.php'. An attacker who is able to identify an outdated instance of this plugin can leverage this vulnerability to discover SQL database credentials and compromise the WordPress site in question.
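The following access-log check is an added example, not part of the original plugin entry or of Nessus Network Monitor. It flags requests to 'admin-ajax.php' whose 'img=' value is not a plain image reference. The log lines, IP addresses and the 'action=placeholder' value are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Access-log line in combined format: client IP ... "METHOD target HTTP/x.y" status
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp")

def fully_decode(value, rounds=3):
    """Strip extra layers of percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_img_value(value):
    """Return a reason if an img= value is not a plain image reference, else None."""
    v = value.lower()
    if "wp-config" in v:
        return "references wp-config.php"
    if ".." in v:
        return "path traversal sequence"
    if not v.endswith(IMAGE_EXT):
        return "non-image file requested"
    return None

def scan(lines):
    """Return (ip, status, decoded img value, reason) per suspect admin-ajax.php hit."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        url = urlsplit(m.group("target")) if m else None
        if url is None or not url.path.lower().endswith("/admin-ajax.php"):
            continue
        # parse_qs already decodes once; fully_decode handles double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("img", []):
            value = fully_decode(raw)
            reason = suspicious_img_value(value)
            if reason:
                findings.append((m.group("ip"), int(m.group("status")), value, reason))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder action value).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2015:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=placeholder&img=..%2Fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.7 - - [12/Mar/2015:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=placeholder&img=uploads/slide1.jpg HTTP/1.1" 200 48211',
    '203.0.113.5 - - [12/Mar/2015:10:01:00 +0000] "GET /blog/wp-admin/admin-ajax.php?action=placeholder&img=%252e%252e%252fwp-config.php HTTP/1.1" 404 512',
]

if __name__ == "__main__":
    for ip, status, value, reason in scan(SAMPLE_LOG):
        print(f"{ip} status={status} img={value!r}: {reason}")
```

A flagged request that was answered with status 200 on an installation older than 4.2 is reason to treat the database credentials in 'wp-config.php' as exposed and rotate them.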

Solution

Upgrade to RevSlider 4.6.5. If 4.6.5 cannot be obtained, upgrade to version 4.2.0 or later, which has been patched for this vulnerability.

See Also

http://www.nessus.org/u?fe638842

http://www.nessus.org/u?ddfe1920

http://seclists.org/fulldisclosure/2014/Nov/78

http://marketblog.envato.com/news/plugin-vulnerability

Plugin Details

Severity: High

ID: 8601

File Name: 8601.prm

Family: CGI

Published: 2015/03/12

Modified: 2016/12/06

Dependencies: 6885

Nessus ID: 80475

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.4

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.1

Temporal Score: 8.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2014/02/15

Vulnerability Publication Date: 2014/07/28

Reference Information

BID: 68942