Design/Logic Flaw

2015-06-3014:59:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.

CPENameOperatorVersion
showbiz_prole1.7.1
slider_revolutionle3.0.95

CPE	Name	Operator	Version
	showbiz_pro	le	1.7.1
	slider_revolution	le	3.0.95

References

seclists.org/fulldisclosure/2014/Nov/78

www.securityfocus.com/bid/71306

www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/

blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html

plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php

whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/

wpvulndb.com/vulnerabilities/7954