Multiple Slider Plugins for WordPress 'img' Parameter Local File Inclusion Vulnerability

medium Nessus Plugin ID 80475

Synopsis

The remote web server contains a PHP script that is affected by a local file inclusion vulnerability.

Description

A Slider plugin for WordPress hosted on the remote web server is affected by a local file inclusion vulnerability due to a failure to properly sanitize user-supplied input to the 'img' parameter of the 'image_view.class.php' script. This allows an unauthenticated, remote attacker to read arbitrary files by forming a GET request containing directory traversal sequences.

Slider plugins known to be affected are:

- Responsive KenBurner Slider
- Slider Revolution Responsive

Themes known to include affected Slider plugins are:

- Avada Theme
- Centum Theme
- CuckooTap Theme
- IncredibleWP Theme
- Medicate Theme
- Striking Theme
- Ultimatum Theme

Solution

Upgrade the vulnerable plugins to the updated versions below:

- Responsive KenBurner Slider version 1.8
- Slider Revolution Responsive version 4.2
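
Alongside the upgrade, web server access logs can be reviewed for the request pattern given in the Description: a GET request whose 'img' parameter carries directory traversal sequences. The following Python sketch is an added example, not part of the Nessus plugin. It assumes combined-format access logs, and because the page does not give the request path it matches on the parameter name only; the log lines, paths and addresses are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (combined log format). Paths, file names
# and client addresses are placeholders, not values taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Jan/2015:10:00:01 +0000] "GET /example-path/image_view.class.php?img=uploads/banner.jpg HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/Jan/2015:10:00:07 +0000] "GET /example-path/image_view.class.php?img=../../private.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [13/Jan/2015:10:00:09 +0000] "GET /example-path/image_view.class.php?img=..%2F..%2Fprivate.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [13/Jan/2015:10:00:12 +0000] "GET /example-path/image_view.class.php?img=%252e%252e%252fprivate.txt HTTP/1.1" 404 0',
    '198.51.100.2 - - [13/Jan/2015:10:01:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 900',
]

# Client address, request target and status code of a GET/HEAD request line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
# A ".." path segment delimited by "/" or "\" (or the start/end of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_img_requests(lines):
    """Return (client, status, decoded img value) for traversal attempts."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qsl decodes once; fully_decode handles any further layers.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name == "img" and TRAVERSAL_RE.search(decoded):
                hits.append((client, int(status), decoded))
    return hits

if __name__ == "__main__":
    for hit in suspicious_img_requests(SAMPLE_LOG):
        print(hit)
```

Hits that returned status 200 deserve review first, since they indicate the server answered the request with content.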

See Also

http://marketblog.envato.com/news/plugin-vulnerability/

http://www.themepunch.com/home/plugin-update-information/

http://www.nessus.org/u?9dc3ba1c

Plugin Details

Severity: Medium

ID: 80475

File Name: wordpress_slider_plugins_file_disclosure.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 1/13/2015

Updated: 6/4/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/1/2014

Vulnerability Publication Date: 7/28/2014

Reference Information

BID: 68942