Revolution Slider – LFI Vulnerability

If you use Revolution Slider, or a theme that bundles Revolution Slider, your site is likely vulnerable to a Local File Inclusion (LFI) attack. The flaw lets an attacker download arbitrary files from the server, assuming the web server process can read them and the attacker knows the correct relative path; because that includes configuration files holding credentials, it leads to full site compromise. For example, you can download wp-config.php by going to the following URL:

your_website_domain.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

and read all of the site's database credentials. Until you update the plugin, the emergency fix you can apply is as follows.

Locate and open image_view.class.php in a text editor and find the outputImage function. In that function, add the following lines directly below the line $ext = strtolower($ext);

// Only serve files whose extension is on the image allow-list; anything else (e.g. .php) is refused.
$allowed_extensions = array('jpg', 'png', 'gif', 'jpeg', 'tiff', 'bmp');
if(empty($ext) || !in_array($ext, $allowed_extensions)) die('Unauthorized Access');
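To show what the fix above is guarding against, here is an added example (written for this page, not Revolution Slider's own code) of a simplified image handler in its vulnerable form next to a hardened form. The handler, the UPLOAD_DIR constant and the function names are assumptions standing in for outputImage; the real plugin code is not reproduced here. The hardened version applies the page's extension allow-list and, going one step beyond the page, also confines the resolved path to the uploads directory with realpath(), so a name that ends in an image extension but still contains ../ cannot escape.

```php
<?php
// Added example, not Revolution Slider's code. A hypothetical, simplified
// stand-in for an image-serving handler: the ?img= parameter is turned into
// a path under UPLOAD_DIR (an assumed location) and the file is returned.

define('UPLOAD_DIR', __DIR__ . '/uploads');

// Vulnerable pattern: nothing about $img is checked, so
// img=../wp-config.php walks out of the uploads directory and the
// configuration file (database credentials included) is returned.
function output_image_vulnerable(string $img): string
{
    $path = UPLOAD_DIR . '/' . $img;
    return (string) file_get_contents($path);
}

// Hardened pattern: the extension allow-list from the page, plus realpath()
// confinement so that the resolved file must live inside UPLOAD_DIR.
function output_image_hardened(string $img): string
{
    // 1. Extension allow-list, as in the emergency fix. "../wp-config.php"
    //    has extension "php" and is rejected here.
    $allowed_extensions = array('jpg', 'png', 'gif', 'jpeg', 'tiff', 'bmp');
    $ext = strtolower(pathinfo($img, PATHINFO_EXTENSION));
    if (empty($ext) || !in_array($ext, $allowed_extensions, true)) {
        die('Unauthorized Access');
    }

    // 2. Path confinement. realpath() collapses ".." segments and symlinks
    //    and returns false for files that do not exist. The resolved path must
    //    begin with the uploads directory followed by a separator, which also
    //    stops a sibling directory such as "/uploads-old" from matching.
    $base = realpath(UPLOAD_DIR);
    $real = realpath(UPLOAD_DIR . '/' . $img);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        die('Unauthorized Access');
    }

    return (string) file_get_contents($real);
}

// Example requests (constructed):
//   output_image_hardened('banner.jpg')                -> served if it exists
//   output_image_hardened('../wp-config.php')          -> rejected by step 1
//   output_image_hardened('x/../../some-secret.png')   -> rejected by step 2
```

The extension check alone only looks at the last extension of the requested name, which is why the second step is worth having: it rejects any path that resolves outside the uploads directory regardless of what the name ends in. A production handler would additionally set a Content-Type matching the extension rather than echoing the file as-is.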

Jay Kumar