Intrusion Prevention

WordPress.Slider.Revolution.File.Inclusion

Description

This indicates an attack attempt against a File Inclusion vulnerability in the WordPress Slider Revolution Premium plugin.
The vulnerability is due to the user input filters failing to properly sanitize the "img" parameter value that is passed to "admin-ajax.php" with the action "revslider_show_image". An attacker may be able to access, review, or download arbitrary files via a crafted HTTP request.
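
A log-side check for the request pattern described above, as an added example (not part of the original advisory or the vendor's signature): it flags access-log requests to admin-ajax.php with action=revslider_show_image whose img value is not a plain image path. The allowed image extensions and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate slider images use one of these extensions.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
AJAX = "/wp-admin/admin-ajax.php?action="

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2015:10:00:00 +0000] "GET ' + AJAX
    + 'revslider_show_image&img=uploads/banner.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2015:10:00:05 +0000] "GET ' + AJAX
    + 'revslider_show_image&img=../placeholder.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2015:10:00:06 +0000] "GET ' + AJAX
    + 'revslider_show_image&img=%2e%2e%2fplaceholder.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2015:10:00:09 +0000] "GET ' + AJAX
    + 'heartbeat HTTP/1.1" 200 58',
]

def is_suspicious(url):
    """True for admin-ajax.php + action=revslider_show_image when the
    img value traverses directories, is absolute, or is not an image."""
    parts = urlsplit(url)
    if not parts.path.endswith("/admin-ajax.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    if "revslider_show_image" not in params.get("action", []):
        return False
    for img in params.get("img", []):
        # Decode a second time to catch double percent-encoding.
        value = unquote(img).replace("\\", "/").lower()
        if (".." in value.split("/") or value.startswith("/")
                or not value.endswith(IMAGE_EXT)):
            return True
    return False

def scan(lines):
    """Return the 1-based numbers of log lines carrying a suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append(number)
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Access logs record only the query string, so parameters sent in a POST body are not visible to this check.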

Affected Products

WordPress Slider Revolution 4.1 and earlier versions

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site.
http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380

CVE References

CVE-2015-1579 CVE-2014-9734