WordPress Slider Revolution Local File Disclosure



Description
Note: The Construct, Echelon, Fusion, Method, Modular and Myriad affected themes are from the Mysitemyway, who went out of business, and the themes have been forked by BackStop Themes who does not use Revslider.

Affects Plugin

fixed in version 4.1.5

Affects Themes

fixed in version 3.4
fixed in version 1.7.1
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3

References

CVE 2015-1579
EXPLOITDB 34511
PACKETSTORM 129761
URL https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Views 21486
Verified Yes
WPVDB ID 7540

Timeline

Publicly Published 2015-02-11 (almost 5 years ago)
Added 2014-09-17 (about 5 years ago)
Last Updated 2019-10-21 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin