WordPress.Slider.Revolution.File.Inclusion
Description
This indicates an attack attempt against a File Inclusion vulnerability in the WordPress Slider Revolution Premium plugin.
The vulnerability is due to the user input filters failing to properly sanitize the "img" parameter value that is passed to "admin-ajax.php" with the action "revslider_show_image". An attacker may be able to access, review, or download arbitrary files via a crafted HTTP request.
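A defender-side check for the request pattern described above, added here as an example and not taken from the original advisory or any vendor signature: it scans web-server access logs for "admin-ajax.php" requests with the action "revslider_show_image" whose "img" value is not a plain image name. The allowed extensions, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate "img" values are relative image names with these extensions.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
# Request field of a combined-format access log line: "METHOD URI PROTOCOL".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_img(value):
    """Return why an img value is not a plain image name, or None if it is."""
    v = value
    while unquote(v) != v:  # undo repeated percent-encoding
        v = unquote(v)
    v = v.lower().replace("\\", "/")
    if ".." in v.split("/"):
        return "parent-directory reference"
    if v.startswith("/") or "://" in v:
        return "absolute path or URL"
    if not v.endswith(IMAGE_EXT):
        return "non-image extension"
    return None

def scan(lines):
    """Return (line_number, reason, img) for each flagged revslider_show_image request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/admin-ajax.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if "revslider_show_image" not in query.get("action", []):
            continue
        for img in query.get("img", []):
            reason = suspicious_img(img)
            if reason:
                hits.append((number, reason, img))
    return hits

# Constructed sample log lines (documentation addresses, placeholder file names).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2Fconstructed-file.php HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 20',
    '203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=constructed-notes.txt HTTP/1.1" 200 88',
]
```

Access logs record only the query string, so parameters sent in a POST body need the same check applied at a WAF or reverse proxy that can see request bodies.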
Affected Products
WordPress Slider Revolution 4.1 and earlier versions
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the web site.
http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380
Coverage
IPS (Regular DB)
IPS (Extended DB)