Arbitrary File Upload and Remote Code Execution in ThemePunch Slider Plugin for WordPress

CVE-2014-9735

Summary

The ThemePunch Slider Revolution plugin for WordPress prior to version 3.0.96 and the Showbiz Pro plugin version 1.7.1 and earlier suffer from a significant access control vulnerability. This flaw permits remote attackers to execute several unauthorized actions on an affected WordPress site. By leveraging the update_plugin action, attackers can upload and execute malicious files. Additionally, they can delete arbitrary sliders using the delete_slider action, and can manipulate sliders through various other unspecified vectors, such as creating, updating, importing, or exporting them. Websites using these vulnerable plugins are at high risk of exploitation, leading to potential malicious control and compromise.

References