CVE-2014-9735

EXPLOITED NUCLEI

ThemePunch Slider Revolution <3.0.96 & Showbiz Pro <1.7.1 - RCE

Title source: llm

Description

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress do not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby remote php
https://www.exploit-db.com/exploits/36957
metasploit WORKING POC EXCELLENT
by Simo Ben youssef · ruby poc php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_revslider_upload_execute.rb

Nuclei Templates (1)

WordPress RevSlider - Remote Code Execution via File Upload
HIGH by iamnoooob, pdresearch

Scores

EPSS 0.8275
EPSS Percentile 99.2%

Details

VulnCheck KEV 2014-12-15
CWE
CWE-264
Status published
Products (2)
themepunch/showbiz_pro < 1.7.1
themepunch/slider_revolution < 3.0.95
Published Jun 30, 2015
Tracked Since Feb 18, 2026