CVE-2014-9735 Scanner
CVE-2014-9735 Scanner - Remote Code Execution (RCE) vulnerability in WordPress
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 2 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
ThemePunch Slider Revolution, commonly known as RevSlider, is a popular WordPress plugin for creating responsive slideshows and presentations. Developers and website administrators use it to build dynamic elements and transitions for enhanced user interaction. RevSlider, along with its counterpart, the Showbiz Pro plugin, streamlines the creation of elegant sliders on websites, improving both aesthetics and functionality. The plugins are integral to business and individual websites alike, providing versatility in content presentation. They are compatible with various themes and are frequently updated by WordPress professionals. Known for their rich features and widespread use, these plugins have become staples in the toolkit of web developers working with WordPress.
The vulnerability in the RevSlider plugin allows remote code execution, posing a significant threat to affected WordPress installations. It arises from insufficient access restrictions on specific AJAX functions meant for administrative tasks. Attackers can exploit these weaknesses to manipulate and execute arbitrary files. Because this can facilitate unauthorized access and create backdoors, the flaw should be mitigated quickly. When exploited, the vulnerability can severely compromise website security and integrity, which underscores the importance of keeping software up to date.
The endpoints associated with administrator AJAX functionality are vulnerable. The parameter 'client_action' can be manipulated to perform unauthorized updates of plugin components. Through crafted HTTP POST requests, attackers can upload zip files containing malicious executables, potentially leading to remote code execution on the server. The upload functionality does not sufficiently restrict file types or origins, allowing for arbitrary file inclusion. Follow-up requests can then reveal whether the uploaded payload executed successfully, confirming the breach. The vulnerability reflects critical lapses in user access control and file validation.
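One way a defender might hunt for the request pattern described above, as an added example that is not part of the original page or the scanner's own code. It assumes a reverse proxy or WAF log in a constructed JSON-lines shape (the field names `ts`, `ip`, `cookies`, `fields`, `uploads` and the 300-second window are assumptions) and relies on WordPress's standard `/wp-admin/admin-ajax.php` endpoint and `wordpress_logged_in_` cookie prefix.

```python
import json

AJAX_PATH = "/wp-admin/admin-ajax.php"       # WordPress's standard AJAX endpoint
AUTH_COOKIE_PREFIX = "wordpress_logged_in_"  # WordPress login cookie name prefix
FOLLOW_UP_WINDOW = 300                       # seconds; tuning value assumed for this example

# Constructed sample records, not real traffic. The JSON shape is an assumption.
SAMPLE_LOG = """
{"ts": 1000, "ip": "203.0.113.7", "method": "POST", "path": "/wp-admin/admin-ajax.php", "cookies": [], "fields": ["action", "client_action"], "uploads": ["bundle.zip"], "status": 200}
{"ts": 1004, "ip": "203.0.113.7", "method": "GET", "path": "/wp-content/plugins/example/a.php", "cookies": [], "fields": [], "uploads": [], "status": 200}
{"ts": 1500, "ip": "198.51.100.20", "method": "POST", "path": "/wp-admin/admin-ajax.php", "cookies": ["wordpress_logged_in_abc"], "fields": ["action", "client_action"], "uploads": ["slider.zip"], "status": 200}
{"ts": 2000, "ip": "192.0.2.55", "method": "POST", "path": "/wp-admin/admin-ajax.php", "cookies": [], "fields": ["action", "client_action"], "uploads": ["pack.ZIP"], "status": 200}
{"ts": 2100, "ip": "192.0.2.99", "method": "POST", "path": "/wp-admin/admin-ajax.php", "cookies": [], "fields": ["action"], "uploads": [], "status": 200}
"""

def is_unauth_zip_upload(rec):
    """POST to the AJAX endpoint with client_action and a .zip part, but no login cookie."""
    return (rec["method"] == "POST"
            and rec["path"].split("?")[0].endswith(AJAX_PATH)
            and "client_action" in rec["fields"]
            and any(name.lower().endswith(".zip") for name in rec["uploads"])
            and not any(c.startswith(AUTH_COOKIE_PREFIX) for c in rec["cookies"]))

def is_plugin_php_hit(rec):
    """Successful request for a PHP file under the plugins directory."""
    path = rec["path"].split("?")[0]
    return ("/wp-content/plugins/" in path
            and path.lower().endswith(".php")
            and rec["status"] == 200)

def detect(log_text):
    """Flag unauthenticated zip uploads; raise severity when the same client
    then fetches a plugin PHP file inside the follow-up window."""
    records = sorted((json.loads(line) for line in log_text.splitlines() if line.strip()),
                     key=lambda r: r["ts"])
    findings = []
    for i, rec in enumerate(records):
        if not is_unauth_zip_upload(rec):
            continue
        follow_ups = [r["path"] for r in records[i + 1:]
                      if r["ip"] == rec["ip"]
                      and r["ts"] - rec["ts"] <= FOLLOW_UP_WINDOW
                      and is_plugin_php_hit(r)]
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "follow_ups": follow_ups,
                         "severity": "high" if follow_ups else "medium"})
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Unauthenticated requests to the AJAX endpoint are normal on WordPress sites, so the rule keys on the combination of `client_action`, a zip upload and a missing login cookie rather than on the endpoint alone. A cookie name only shows that a login cookie was sent, not that the session was valid, so authenticated-looking uploads from unfamiliar clients still merit review.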
Exploitation of this vulnerability can result in unauthorized control of the affected WordPress site. Malicious actors might upload and execute scripts that siphon data, alter content, or further infect the server and connected networks. Attackers can also install persistent backdoors, leading to prolonged unauthorized observation of site activity. Attack chains leveraging this flaw could weaponize other known vulnerabilities, amplifying the risk to a potentially devastating level. Such exploitation significantly undermines the website's reliability, erodes user trust and disrupts business operations.