WordPress Slider Revolution Local File Disclosure



Description
Note: The Construct, Echelon, Fusion, Method, Modular and Myriad affected themes are from the Mysitemyway, who went out of business, and the themes have been forked by BackStop Themes who does not use Revslider.

Affects Plugin

fixed in version 4.1.5

Affects Themes

fixed in version 3.4
fixed in version 1.7.1
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3
fixed in version 2.8.3

References

CVE 2015-1579
EXPLOITDB 34511
EXPLOITDB 36039
PACKETSTORM 129761
URL http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Views 17901
Verified Yes
WPVDB ID 7540

Timeline

Publicly Published 2015-02-11 (over 4 years ago)
Added 2014-09-17 (almost 5 years ago)
Last Updated 2019-08-11 (6 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin