Description
The WordPress plugin Slider Revolution was vulnerable to an arbitrary file disclosure vulnerability that allows an attacker to download any file from the server. This vulnerability is/was actively exploited in the wild.
Remediation
Upgrade to the latest version of the plugin.
References
Related Vulnerabilities
WordPress Plugin Annonces 'abspath' Parameter Remote File Include (1.2.0.0)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-25703)
WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
[Possible] Password Transmitted over Query String
WordPress Plugin Woocommerce-Recent Purchases Local File Inclusion (1.0.1)