
WordPress RevSlider Plugin < 4.2 Arbitrary File Download

High

Synopsis

The remote WordPress server utilizes a third-party plugin which is prone to an arbitrary file download vulnerability.

Description

Slider Revolution, also known as RevSlider, is a commercial plugin used by many WordPress websites. RevSlider often comes bundled with purchased WordPress themes, but it can also be bought individually and added to an existing theme.

Versions of RevSlider prior to 4.2 can leak the contents of 'wp-config.php' through the 'img=' parameter of requests to 'admin-ajax.php'. Because 'wp-config.php' holds the site's database settings, an attacker who can identify an outdated instance of this plugin can use this vulnerability to obtain the SQL database credentials and compromise the WordPress site in question.

Solution

Upgrade to RevSlider 4.6.5. If 4.6.5 cannot be obtained, note that version 4.2.0 and later are patched against this vulnerability.
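As an added example (not code from the Tenable plugin or the RevSlider project), the following Python script covers both the description above and the solution: it scans web-server access-log lines for requests to 'admin-ajax.php' whose 'img' parameter names 'wp-config.php' or traverses directories, and it compares an installed RevSlider version against the 4.2.0 fix threshold and the recommended 4.6.5 release. The log lines are constructed sample data, the log format is assumed to be the common Apache/nginx combined-style format, and the version is assumed to be read from the standard WordPress plugin header (`Version: x.y.z`).

```python
"""Defender-side checks for the RevSlider < 4.2 arbitrary file download issue.

Added example, not from the advisory or the plugin. Assumptions: access logs
in common log format; the plugin version read from its WordPress plugin header.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-admin/admin-ajax.php?img=../wp-config.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /wp-admin/admin-ajax.php?img=..%2F..%2Fwp-config.php HTTP/1.1" 200 3120
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-content/uploads/banner.jpg HTTP/1.1" 200 8812
"""

# Common log format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_img_param(path):
    """True when the request targets admin-ajax.php with an 'img' value that
    names wp-config.php or contains directory traversal."""
    parts = urlsplit(path)
    if not parts.path.endswith("/admin-ajax.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("img", []):
        # parse_qs already decoded once; decode again so double-encoded
        # traversal sequences are also caught, and normalise backslashes.
        decoded = unquote(unquote(value)).replace("\\", "/")
        if "wp-config.php" in decoded or "../" in decoded:
            return True
    return False


def flag_suspicious_requests(log_text):
    """Return (ip, path, status) for every suspicious request in the log text.
    A 200 status on such a request is the strongest signal the file was served."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and suspicious_img_param(rec["path"]):
            hits.append((rec["ip"], rec["path"], rec["status"]))
    return hits


# Thresholds taken from the advisory text.
PATCHED_VERSION = (4, 2, 0)
RECOMMENDED_VERSION = (4, 6, 5)


def parse_version(text):
    """Turn '4.1.4', '4.2' or 'v4.6.5' into a comparable 3-tuple."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def version_from_plugin_header(header_text):
    """Extract the 'Version:' field from a WordPress plugin header block."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable_version(version_text):
    """True for any RevSlider release before the 4.2.0 fix."""
    return parse_version(version_text) < PATCHED_VERSION


def needs_upgrade_to_recommended(version_text):
    """True when the install is below the 4.6.5 release the advisory recommends."""
    return parse_version(version_text) < RECOMMENDED_VERSION


if __name__ == "__main__":
    for ip, path, status in flag_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious: {ip} {path} -> {status}")
    header = "/*\n * Plugin Name: Slider Revolution\n * Version: 4.1.4\n */"
    ver = version_from_plugin_header(header)
    print(f"installed {ver}: vulnerable={is_vulnerable_version(ver)}")
```

Run it against a real access log by passing the file contents to `flag_suspicious_requests`; requests that were answered with status 200 should be treated as a likely credential disclosure and the database password rotated, not only the plugin upgraded.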