Test ID:	1.3.6.1.4.1.25623.1.0.805518
Category:	Web application abuses
Title:	WordPress Slider Revolution Arbitrary File Download Vulnerability
Summary:	The WordPress plugin 'Slider Revolution' is prone to arbitrary file download vulnerability.
Description:	Summary: The WordPress plugin 'Slider Revolution' is prone to arbitrary file download vulnerability. Vulnerability Insight: Flaw is due to the plugin failed to restrict access to certain files. Vulnerability Impact: Successful exploitation will allow an unauthenticated remote attacker to download any arbitrary file. Affected Software/OS: WordPress Slider Revolution version 4.1.4 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1579 http://www.exploit-db.com/exploits/36039 https://wpvulndb.com/vulnerabilities/7540 Common Vulnerability Exposure (CVE) ID: CVE-2014-9734 http://www.exploit-db.com/exploits/34511 http://marketblog.envato.com/news/affected-themes/ http://marketblog.envato.com/news/plugin-vulnerability/ http://packetstormsecurity.com/files/132366/WordPress-Revslider-4.2.2-XSS-Information-Disclosure.html https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.