WordPress plugin Slider Revolution arbitrary file disclosure
Description
Versions of the Slider Revolution (revslider) plugin for WordPress prior to 4.2 contain an arbitrary file disclosure vulnerability that allows an unauthenticated remote attacker to read any file the web server process can access. The flaw has been actively exploited in the wild, most often to retrieve wp-config.php, which yields the site's database credentials and its authentication keys and salts, and from there to take over the affected installation.
Remediation
Update the Slider Revolution plugin to version 4.2 or later, which addresses this vulnerability. Many commercial themes ship their own copy of the plugin, usually inside the theme's directory rather than under wp-content/plugins/revslider; such bundled copies do not receive updates through the WordPress plugin updater, so contact the theme developer for an updated theme or purchase a standalone license to receive updates directly, and confirm the version actually deployed by reading the Version header of the installed revslider.php rather than trusting the theme's changelog. Because successful exploitation discloses wp-config.php, treat the database credentials and the authentication keys and salts as exposed: rotate the database password, regenerate the keys and salts, and reset administrator passwords. Then review web server access logs for requests to wp-admin/admin-ajax.php that carry directory traversal sequences or name wp-config.php, and inspect wp-config.php, the plugin and theme directories, and the database (in particular the users and options tables) for unauthorized modifications such as added administrator accounts or injected code. If the plugin is not actively used, deactivate and remove it entirely. File integrity monitoring and restrictive file permissions limit what a similar vulnerability in the web server's context can read or alter in the future.
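The two checks above, version verification and log review, as an added example; this is not code from the page or from the plugin vendor. It reads the Version header of an installed revslider.php and compares it against the 4.2 fix release, then scans combined-format access logs for the request shape used in public exploitation of this bug (the plugin's revslider_show_image admin-ajax action with a traversal sequence or wp-config.php in its img parameter) and, more broadly, for any traversal in an admin-ajax.php request. Repeated URL-encoding is undone before matching so a double-encoded attempt is not missed. The plugin header and log lines embedded below are constructed for the example.

```python
"""Added example: check a Slider Revolution install for the vulnerable version
range and scan Apache/nginx combined-format access logs for attempts to abuse
the file disclosure. Sample log lines below are constructed, not real traffic."""
import re
from urllib.parse import parse_qs, urlsplit, unquote

# First version the advisory identifies as fixed.
FIXED_VERSION = (4, 2)

# AJAX action and parameter used in public exploitation of this bug.
VULN_ACTION = "revslider_show_image"
VULN_PARAM = "img"

# Combined log format up to the response size; trailing fields are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_version(header_text):
    """Return the 'Version:' field of a plugin header as an int tuple, or None."""
    m = re.search(r'^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)', header_text, re.M)
    return tuple(int(p) for p in m.group(1).split('.')) if m else None


def is_vulnerable(version):
    """True for any version below the fixed release (tuple comparison)."""
    return version is not None and version < FIXED_VERSION


def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding (e.g. %252E%252E%252F) so traversal is visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(line):
    """Return a finding dict if the line looks like a disclosure attempt, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = {k: decode_fully(v[0]) for k, v in
              parse_qs(url.query, keep_blank_values=True).items()}
    action = params.get("action", "")
    target_file = params.get(VULN_PARAM, "")
    traversal = any("../" in v or "..\\" in v for v in params.values())
    if action == VULN_ACTION and (traversal or "wp-config.php" in target_file):
        reason = "revslider file disclosure attempt"
    elif traversal:
        reason = "path traversal in admin-ajax request"
    else:
        return None
    status = int(m.group("status"))
    size = int(m.group("size")) if m.group("size").isdigit() else 0
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "action": action,
        "file": target_file,
        "reason": reason,
        "status": status,
        # A 200 with a body means the server most likely returned the file.
        "likely_success": status == 200 and size > 0,
    }


def scan_log(lines):
    """Run classify_request over an iterable of log lines, keeping the hits."""
    return [f for f in map(classify_request, lines) if f]


# Constructed sample: two served attempts, a double-encoded one blocked with
# 403, and two benign requests that must not be flagged.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Sep/2014:12:01:13 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3122 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Sep/2014:12:01:20 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Sep/2014:12:03:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 61 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Sep/2014:12:04:41 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%252F..%252Fwp-config.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Sep/2014:12:05:09 +0000] "GET /wp-content/plugins/revslider/rs-plugin/css/settings.css HTTP/1.1" 200 9021 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # Constructed plugin header, as found at the top of revslider.php.
    header = "/*\nPlugin Name: Slider Revolution\nVersion: 4.1.4\n*/"
    v = parse_version(header)
    print("installed", v, "vulnerable:", is_vulnerable(v))
    for f in scan_log(SAMPLE_LOG):
        print(f["time"], f["ip"], f["reason"], f["file"],
              "served" if f["likely_success"] else "not served")
```

On a real host, point parse_version at every revslider.php under wp-content (themes included, since bundled copies live there) and feed scan_log the access logs for the whole exposure window; a hit with likely_success set is the signal to proceed with the credential rotation described above, not merely the update.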