PT-2015-4369 · Themepunch · Showbiz Pro+1

Published: 2015-06-30
Updated: 2016-11-28
CVE-2014-9735

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ThemePunch Slider Revolution plugin versions prior to 3.0.96
Showbiz Pro plugin version 1.7.1 and earlier

Description

The issue allows remote attackers to upload and execute arbitrary files, delete arbitrary sliders, and create, update, import, or export arbitrary sliders due to improper access restriction to administrator AJAX functionality.

Recommendations

For ThemePunch Slider Revolution plugin versions prior to 3.0.96, update to version 3.0.96 or later. For Showbiz Pro plugin version 1.7.1 and earlier, update to a version later than 1.7.1.

Related Identifiers

CVE-2014-9735

Affected Products

Showbiz Pro
Themepunch Slider Revolution