Vulnerability in Slider Revolution Responsive plugin for WordPress Could Allow for Arbitrary-File Download

ITS Advisory Number: 2014-072
Date(s) Issued: Tuesday, August 26, 2014
Subject: Vulnerability in Slider Revolution Responsive plugin for WordPress Could Allow for Arbitrary-File Download
Overview: 

A vulnerability has been discovered in the Slider Revolution Responsive plugin for the WordPress CMS which could allow an attacker to download arbitrary files. Slider Revolution Responsive is a plugin for the WordPress content management application that provides image transition effects, an image preloader, video embedding, user interaction, and similar features. Successful exploitation of this vulnerability may allow an attacker to download arbitrary files from the Web server and obtain sensitive information.

At this time, NYS CSOC has observed this vulnerability being exploited in the wild. Vulnerabilities have also been observed in other slider plugins, but exploitation of those has not been observed in the wild.

Systems Affected: 
  • ENVATO Slider Revolution Responsive 4.1.4
RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: Low
Description: 

The Slider Revolution Responsive plugin for WordPress is prone to a vulnerability that lets attackers download arbitrary files through a web browser. Specifically, the issue occurs because the plugin fails to sufficiently verify the file requested through the 'img' parameter of the 'admin-ajax.php' script. Successful exploitation of this vulnerability may allow an attacker to download arbitrary files from the Web server and obtain sensitive information.
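As an added example (not the plugin's own code), the following shows how an admin-ajax.php handler can serve a file named by an 'img' parameter without allowing the caller to escape the intended directory: the name is resolved with realpath() and accepted only if it stays inside the uploads folder and names an image. The hook name 'show_image_safe' and the restriction to the uploads directory are assumptions for the illustration.

```php
<?php
// Added example, not the plugin's code. Assumes the only files this endpoint
// should ever return are images under the WordPress uploads directory.

/**
 * Resolve $requested relative to $baseDir. Return the absolute path only if it
 * exists, stays inside $baseDir and has an allowed extension; otherwise null.
 */
function resolve_image_path(string $requested, string $baseDir, array $allowedExt): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '') {
        return null; // no usable base directory, or nothing requested
    }
    // Reject null bytes and absolute paths (POSIX or Windows) before touching the filesystem.
    if (strpos($requested, "\0") !== false || $requested[0] === '/'
        || preg_match('#^[A-Za-z]:[\\\\/]#', $requested)) {
        return null;
    }
    // realpath() collapses '..' segments and symlinks, so the prefix test below
    // is checked against the real location of the file, not the supplied string.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false) {
        return null; // file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the allowed directory
    }
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $candidate : null;
}

// Hypothetical replacement handler: same 'img' parameter, validated path.
function show_image_safe(): void
{
    $mime = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
    $img  = isset($_GET['img']) ? (string) $_GET['img'] : '';
    $path = resolve_image_path($img, wp_upload_dir()['basedir'], array_keys($mime));
    if ($path === null) {
        status_header(400); // reject silently; do not echo the supplied name back
        exit;
    }
    header('Content-Type: ' . $mime[strtolower(pathinfo($path, PATHINFO_EXTENSION))]);
    readfile($path);
    exit;
}
add_action('wp_ajax_show_image_safe', 'show_image_safe');
```

If the endpoint must also serve anonymous visitors, register the same callback on 'wp_ajax_nopriv_show_image_safe'; the path check is what protects it, not the login state.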

Actions: 

We recommend the following actions be taken:

  • Update vulnerable Slider Revolution Responsive versions immediately after appropriate testing.
  • Run all software as a non-privileged user with minimal access rights.
  • Consider implementing a web application firewall and/or File Integrity Monitoring solution for greater risk management of web-based applications.
  • Perform regular web application and vulnerability scans of all public-facing equipment. These scans should be performed, at a minimum, quarterly, but ideally on a monthly basis.
  • Ensure that systems are hardened according to industry-accepted guidelines.
  • Keep all operating systems, applications and essential software up to date to mitigate potential exploitation by attackers.
References: 

Code Canyon:
http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380

Packet Storm:
http://packetstormsecurity.com/files/127645/WordPress-Slider-Revolution-Responsive-4.1.4-File-Download.html

Security Focus:
http://www.securityfocus.com/bid/68942