CVE-2014-9735

UNKNOWN
Published 2015-06-30T14:00:00
No CVSS data available

Description

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.

Available Exploits

WordPress RevSlider - Remote Code Execution via File Upload

ID: CVE-2014-9735
Author: iamnoooobpdresearch High

WordPress Vulnerability

Identified and analyzed by Wordfence

Software Type

Plugin

Patch Status

Patched

Published

November 25, 2014

Software Details

Software Name

Slider Revolution

Software Slug

revslider

Affected Versions

[*, 3.0.96)

Patched Versions

3.0.96

Remediation

Update to version 3.0.96, or a newer patched version

© Defiant Inc. Data provided by Wordfence.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-86x3-cgp4-637q

CVSS Scoring

CVSS Score

7.5

Advisory provided by GitHub Security Advisory Database. Published: May 17, 2022, Modified: April 12, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

3 posts
Reddit 3 weeks, 5 days ago
profess-x
PoC

Hackerin update: If you want to **learn hands-on how some of the most famous vulnerabilities in history worked**, we have just launched new content on our platform (100% in Portuguese 🇧🇷). 👉 Newly released modules:
* Heartbleed (**CVE-2014-0160**)
* EternalBlue (**CVE-2017-0144**)
* Dirty COW (**CVE-2016-5195**)
* Drupalgeddon2 (**CVE-2018-7600**)
* WordPress RevSlider (**CVE-2014-9735**)
* …

Published: 2015-06-30T14:00:00
Last Modified: 2024-08-06T13:55:04.674Z