CVE-2014-9735

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
themepunchshowbiz_pro
𝑥
≤ 1.7.1
themepunchslider_revolution
𝑥
≤ 3.0.95
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2014/Nov/78
http://www.securityfocus.com/bid/71306
http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/
https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php
https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
https://wpvulndb.com/vulnerabilities/7954
http://seclists.org/fulldisclosure/2014/Nov/78
http://www.securityfocus.com/bid/71306
http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/
https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php
https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
https://wpvulndb.com/vulnerabilities/7954