CVE-2014-9735
HIGH
EPSS 99th percentile
Description
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress do not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.
CVSS v2 Vector
No CVSS vector data available.
Exploit Intelligence
Very high risk: more likely to be exploited than 99% of all known CVEs.
References
- http://seclists.org/fulldisclosure/2014/Nov/78
- http://www.securityfocus.com/bid/71306
- http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/
- https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
- https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php
- https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
- https://wpvulndb.com/vulnerabilities/7954
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-06.