A vulnerability has been discovered in Slider Revolution Responsive plugin for WordPress CMS which could allow an attacker to download arbitrary files. Slider Revolution Responsive is a plugin for the WordPress content management application, which allows for image transition effects, an image preloader, video embedding, user interaction, etc. Successful exploitation of this vulnerability may allow an attacker to download arbitrary files from the Web server and obtain sensitive information.
At this time, NYS CSOC has observed this vulnerability being exploited in the wild. Similar vulnerabilities have been reported in other slider plugins, but exploitation of those has not been observed in the wild.
- ENVATO Slider Revolution Responsive 4.1.4
The Slider Revolution Responsive plugin for WordPress is prone to a vulnerability that lets attackers download arbitrary files using nothing more than a web browser. Specifically, the plugin does not sufficiently validate the file path submitted in the 'img' parameter of requests to the 'admin-ajax.php' script, so a value containing directory-traversal sequences such as '../' causes a file outside the intended directory to be returned. Successful exploitation may allow an attacker to retrieve any file readable by the web server process, including 'wp-config.php' (which holds the database credentials and authentication keys), and obtain sensitive information.
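The following is an added example, not code from the advisory or from the plugin. It shows two things a practitioner needs here: a log review that finds requests to 'admin-ajax.php' whose 'img' parameter carries a traversal or absolute path (decoding percent-encoding more than once so double-encoded '..' is not missed), and the positive path check that the plugin should have applied before serving a file. The access-log lines are constructed for the example, the base directory passed to the check is assumed, and the script assumes the query string is present in the log (it is for GET requests in the common Apache/nginx formats).

```python
import re
from posixpath import normpath
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache "combined" format) for this example.
# IPs are from documentation ranges and timestamps are made up; only the request
# targets model what probes against the 'img' parameter of admin-ajax.php look like.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2014:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?img=../wp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Sep/2014:13:55:37 +0000] "GET /wp-admin/admin-ajax.php?img=..%2F..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2014:14:02:11 +0000] "GET /wp-admin/admin-ajax.php?img=%252e%252e%2F%252e%252e%2Fwp-config.php HTTP/1.1" 200 3120 "-" "curl/7.37.0"
198.51.100.7 - - [10/Sep/2014:14:02:12 +0000] "GET /wp-admin/admin-ajax.php?img=/etc/passwd HTTP/1.1" 200 1024 "-" "curl/7.37.0"
192.0.2.10 - - [10/Sep/2014:14:10:03 +0000] "GET /wp-admin/admin-ajax.php?img=slides/banner.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Sep/2014:14:10:04 +0000] "GET /wp-content/uploads/banner.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Sep/2014:14:10:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so a double-encoded '..' is seen as '..'.
    Backslashes are folded to '/' because PHP on Windows accepts both separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(img):
    """True if the decoded 'img' value would escape whatever directory it is joined
    onto: absolute paths, null bytes, or a normalised path still starting with '..'."""
    img = fully_decode(img)
    if "\x00" in img or img.startswith("/"):
        return True
    norm = normpath(img)
    return norm == ".." or norm.startswith("../")


def is_safe_path(base_dir, requested):
    """Positive check of the kind the plugin should apply before serving a file:
    reject absolute paths and null bytes, then join, normalise, and require the
    result to stay under base_dir. This is lexical only; a production check
    should also resolve symlinks (os.path.realpath) before comparing."""
    req = fully_decode(requested)
    if "\x00" in req or req.startswith("/"):
        return False
    base = normpath(base_dir)
    full = normpath(base + "/" + req)
    return full == base or full.startswith(base + "/")


def scan_log(text):
    """Return one finding per admin-ajax.php request whose 'img' parameter looks
    like a file-download attempt, with the decoded path and status for triage."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/admin-ajax.php"):
            continue
        for img in parse_qs(parts.query).get("img", []):
            if is_traversal(img):
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    # A 200 with a non-trivial byte count suggests the file was served.
                    "status": int(m.group("status")),
                    "img": fully_decode(img),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} status={f['status']} img={f['img']}")
```

Run against a real log, a 200 response to one of these requests should be treated as a likely disclosure of 'wp-config.php', which means rotating the database password and the WordPress authentication keys, not just patching. POST requests carrying 'img' in the body will not appear in a standard access log; a web application firewall or full-request logging is needed to see those.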
We recommend the following actions be taken:
- Update vulnerable Slider Revolution Responsive versions immediately after appropriate testing.
- Run all software as a non-privileged user with minimal access rights.
- Consider implementing a web application firewall and/or a File Integrity Monitoring solution for greater risk management of web-based applications.
- Perform regular web application and vulnerability scans of all public facing equipment. These scans should be performed, at a minimum, quarterly, but ideally on a monthly basis.
- Ensure that systems are hardened with industry-accepted guidelines.
- Keep all operating systems, applications and essential software up to date to mitigate potential exploitation by attackers.