WordPress.Slider.Revolution.File.Inclusion

Description

This indicates an attack attempt against a File Inclusion vulnerability in the WordPress Slider Revolution Premium plugin.
The vulnerability is due to the user input filters failing to properly sanitize the "img" parameter value that is passed to "admin-ajax.php" with the action "revslider_show_image". An attacker may be able to access, review, or download arbitrary files via a crafted HTTP request.
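
A log-review check for the request pattern described above, added here as an example and not taken from the advisory or the vendor's signature. It assumes a combined-format web access log; the image-extension list, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: extensions a legitimate slider image request would use.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
# Request line as it appears in a combined-format access log (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_img(value):
    """True when the img value does not look like a plain image reference."""
    v = unquote(value).lower()  # extra decode catches double-encoded values
    if ".." in v or v.startswith("/") or "\\" in v:
        return True
    return not v.endswith(IMAGE_EXT)

def scan(lines):
    """Return (line_number, decoded img value) for each request worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/admin-ajax.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # decodes once
        if "revslider_show_image" not in query.get("action", []):
            continue
        hits += [(number, img) for img in query.get("img", []) if suspicious_img(img)]
    return hits

# Constructed sample log lines (documentation IP range, placeholder file names).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 58',
]

if __name__ == "__main__":
    for number, img in scan(SAMPLE):
        print(f"line {number}: review img={img!r}")
```

Access logs record only the query string, so parameters sent in a POST body need the same check applied at a WAF or reverse proxy that can see the body.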

Affected Products

WordPress Slider Revolution 4.1 and earlier versions

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site.
http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380

Coverage

IPS (Regular DB)
IPS (Extended DB)