CVE-2014-9735

NONE EPSS 99.5%
Published Jun 30, 2015 (11y ago) · Modified Jun 17, 2026 (2w ago)

Description

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress do not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.

Threat Intelligence

EPSS Exploit Probability
99.5% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-264

Affected Products 2

Vendor      Product            Version  Range
themepunch  showbiz_pro        *        ≤1.7.1
themepunch  slider_revolution  *        ≤3.0.95

References 7

  • seclists.org http://seclists.org/fulldisclosure/2014/Nov/78
    Exploit
  • securityfocus.com http://www.securityfocus.com/bid/71306
  • themepunch.com http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/
    Vendor Advisory
  • blog.sucuri.net https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
    Exploit
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php
  • whatisgon.wordpress.com https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
    Exploit
  • wpvulndb.com https://wpvulndb.com/vulnerabilities/7954

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.