WordPress – RevSlider Local File Inclusion (LFI)

Description

Kayran has detected that you’re using an outdated version of Slider Revolution Premium WordPress Plugin, that allows a remote attacker to download any file from the server.

By exploiting this vulnerability, attackers can download any file they please, even your wp-config.php file.
By doing so, he can steal the database’s credentials, which then allows him to initiate attacks against the website via the database.

Recommendation

To prevent these types of LFI attacks, update the version of the WordPress Slider Revolution Premium plugin.

References

https://www.sliderrevolution.com/

< Return to all Vulnerabilities

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »