WordPress – RevSlider Local File Inclusion (LFI)

Description

Cytrix has detected that you’re using an outdated version of the Slider Revolution Premium WordPress plugin, which allows a remote attacker to download any file from the server.

By exploiting this vulnerability, an attacker can download any file on the server, including your wp-config.php file.
With that file, the attacker can steal the database credentials and then use the database to launch attacks against the website.

Severity/Score

Average Score – 5.0 Medium

Recommendation

To prevent these types of LFI attacks, update the version of the WordPress Slider Revolution Premium plugin.
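
Updating the plugin stops further downloads but does not show whether wp-config.php was already retrieved. The following added example (not Cytrix's or the plugin vendor's code) scans web-server access logs in Combined Log Format for requests whose parameters reference wp-config.php or a directory-traversal sequence, including percent-encoded forms; the sample log lines, endpoint name and parameter name are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
SENSITIVE = ("wp-config.php",)  # the file named on this page; extend as needed

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e%252e -> %2e%2e -> ..)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_hits(lines):
    """Return (ip, timestamp, status, target) for requests whose query string
    names a sensitive file or contains a directory-traversal sequence."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        ip, ts, _method, target, status, _size = m.groups()
        # Only the query string is inspected: a direct request for the .php
        # file is executed by PHP and does not return its source.
        q = fully_decode(target.partition("?")[2]).replace("\\", "/").lower()
        if "../" in q or any(name in q for name in SENSITIVE):
            hits.append((ip, ts, int(status), target))
    return hits

def likely_disclosed(hits):
    """Hits answered with 200: the file content was probably returned."""
    return [h for h in hits if h[2] == 200]

# Constructed sample lines (not real traffic); endpoint and parameter are placeholders.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2024:10:02:13 +0000] "GET /example-endpoint.php?file=../wp-config.php HTTP/1.1" 200 3021',
    '203.0.113.9 - - [10/Jan/2024:10:02:15 +0000] "GET /example-endpoint.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 199',
    '198.51.100.4 - - [10/Jan/2024:10:05:40 +0000] "GET /wp-config.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in likely_disclosed(suspicious_hits(SAMPLE)):
        print(*hit)
```

Any hit answered with status 200 is a reason to rotate the database credentials stored in wp-config.php.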

References

https://www.sliderrevolution.com/

https://cwe.mitre.org/data/definitions/22.html
