CVE-2014-9735 Scanner
Detects unauthenticated file upload RCE in WordPress RevSlider plugin (CVE-2014-9735)
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 5 hours
Scan only one: Domain, Subdomain, IPv4
The Slider Revolution (RevSlider) plugin for WordPress, developed by ThemePunch, is widely used for creating responsive sliders. However, versions prior to 3.0.96 suffer from a critical vulnerability that allows unauthenticated attackers to perform arbitrary file uploads and execute code on the server.
This scanner detects the vulnerability described in CVE-2014-9735, where improper authorization checks on `admin-ajax.php` allow remote attackers to call administrative AJAX functions—specifically `update_plugin`. By sending a crafted ZIP file containing a malicious PHP payload, the attacker can upload and execute arbitrary code.
The uploaded PHP file is placed in a predictable location: `/wp-content/plugins/revslider/temp/update_extract/`, making it easily accessible for triggering.
Successful exploitation leads to remote code execution in the context of the web server, potentially resulting in full site compromise, data theft, defacement, or further pivoting inside the network.
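For asset owners reviewing their own servers, the predictable extraction path described above can be checked for in web access logs. The following is an added example, not part of the scanner or the original page: it assumes combined-format access logs, and the function names, the 10-minute correlation window and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

EXTRACT_PATH = "/wp-content/plugins/revslider/temp/update_extract/"  # from the page
FIXED = (3, 0, 96)  # versions prior to this are affected, per the page
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def is_vulnerable(version):
    """True if a RevSlider version string is older than 3.0.96."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))  # pad "2.3" to (2, 3, 0)
    return parts < FIXED

def find_hits(lines, window=timedelta(minutes=10)):
    """Flag requests for PHP files under the extract path and record whether the
    same client POSTed to admin-ajax.php within `window` beforehand."""
    last_ajax_post, hits = {}, []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Decode percent-encoding and drop the query string before matching.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if m["method"] == "POST" and path.endswith("/wp-admin/admin-ajax.php"):
            last_ajax_post[m["ip"]] = ts
        elif EXTRACT_PATH in path and re.search(r"\.ph(p\d?|tml)$", path):
            prior = last_ajax_post.get(m["ip"])
            hits.append({
                "ip": m["ip"], "path": path, "status": int(m["status"]),
                "preceded_by_ajax_post": prior is not None and ts - prior <= window,
            })
    return hits

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [02/Dec/2014:10:15:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2',
    '203.0.113.7 - - [02/Dec/2014:10:15:04 +0000] "GET /wp-content/plugins/revslider'
    '/temp/update_extract/revslider/example.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [02/Dec/2014:10:20:00 +0000] "GET /wp-content/plugins/revslider'
    '/temp/update_extract/x.php HTTP/1.1" 404 0',
    '198.51.100.20 - - [02/Dec/2014:10:21:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 50',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

A hit with status 200 and `preceded_by_ajax_post` set warrants inspecting the directory on disk; a 404 without a preceding POST is more likely a probe for files that are not there.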
REFERENCES
- https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2014-9735
- https://www.exploit-db.com/exploits/35385
- https://wpvulndb.com/vulnerabilities/7954
- https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php