WordPress – RevSlider Local File Inclusion (LFI)

Home » Blog » WordPress – RevSlider Local File Inclusion (LFI)

Description

Kayran has detected that you’re using an outdated version of Slider Revolution Premium WordPress Plugin, that allows a remote attacker to download any file from the server.

By exploiting this vulnerability, attackers can download any file they please, even your wp-config.php file.
By doing so, he can steal the database’s credentials, which then allows him to initiate attacks against the website via the database.

Severity/Score

Average Score – 5.0 Medium

Recommendation

To prevent these types of LFI attacks, update the version of the WordPress Slider Revolution Premium plugin.

References

https://www.sliderrevolution.com/

https://cwe.mitre.org/data/definitions/22.html

< Return to all Vulnerabilities

WordPress – RevSlider Local File Inclusion (LFI)

Description

Severity/Score

Recommendation

References

Enterprise Mobility – BYOD vs. CYOD

Designing our Web Apps – CSS

The average hacker shopping list – the CVE

Cybersecurity – The thinnest security guards you will ever know

A funny word that is not funny – Proxy

Tracing your Requests

Links

registered user?