CVE-2014-9734

Published: 30/06/2015 Updated: 01/07/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the Slider Revolution (revslider) plugin prior to 4.2 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

Vulnerable Product

themepunch slider revolution

Exploits

This NSE script for Nmap exploits a directory traversal in WordPress Elegant Themes Divi Theme ...
# Exploit Title : WordPress Slider Revolution Responsive <= 414 Arbitrary File Download vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380 # Software Link : Premium plugin # Dork Google: revslider.php "index of" # Date : 2014 ...
# WordPress CuckooTap Theme & eShop Arbitrary File Download # Risk: High # CWE number: CWE-200 # Author: Hugo Santiago # Contact: hugos@linuxmail.org # Date: 31/08/2014 # Vendor Homepage: themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405 # Tested on: Windows 7 and Gnu/Linux # Google Dork: "Index of" +/wp-conte ...