Description

The WordPress plugin Slider Revolution was vulnerable to an arbitrary file disclosure vulnerability that allows an attacker to download any file from the server. This vulnerability is/was actively exploited in the wild.

Remediation

Upgrade to the latest version of the plugin.

References

Slider Revolution Plugin Critical Vulnerability Being Exploited

Related Vulnerabilities

Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2006-0369)

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.12)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple Vulnerabilities (4.1.2)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7983)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

File Inclusion