CVE-2014-9734

Name of the Vulnerable Software and Affected Versions Slider Revolution (revslider) plugin versions prior to 4.2 for WordPress

Description The issue allows remote attackers to read arbitrary files by exploiting a directory traversal vulnerability in the Slider Revolution plugin. This is achieved by including a .. (dot dot) in the img parameter within a revslider show image action to the "/wp-admin/admin-ajax.php" endpoint.

Recommendations For versions prior to 4.2, update the Slider Revolution (revslider) plugin to version 4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php" endpoint or disabling the revslider show image action until the update is applied.