CVE-2023-47784

8.4 HIGH

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files to WordPress sites using vulnerable versions of the Slider Revolution plugin. Attackers can exploit this to upload malicious files like webshells, potentially gaining unauthorized access or control. All WordPress sites with Slider Revolution versions up to 6.6.15 are affected.

💻 Affected Systems

Products:
  • ThemePunch OHG Slider Revolution WordPress Plugin
Versions: All versions up to and including 6.6.15
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires author-level or higher WordPress user role for exploitation in some configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site compromise through remote code execution, data theft, defacement, or malware distribution.

🟠 Likely Case: Unauthorized file upload leading to webshell installation, backdoor persistence, or limited server access.

🟢 If Mitigated: File upload attempts blocked or logged with no successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires at least author-level access; public proof-of-concept code exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.6.16 or later

Vendor Advisory: https://www.sliderrevolution.com/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Slider Revolution.
4. Click 'Update Now' or manually update to version 6.6.16+.
5. Verify the update completes successfully.

🔧 Temporary Workarounds

Disable Plugin (applies to: all)

Temporarily deactivate the Slider Revolution plugin until patched.

wp plugin deactivate revslider

Restrict File Uploads (applies to: all)

Use web application firewall (WAF) rules to block suspicious file uploads to Slider Revolution endpoints.

🧯 If You Can't Patch

  • Implement strict file upload validation at the web server or application level.
  • Monitor and audit file upload activities, especially to Slider Revolution directories.

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins > Slider Revolution and read the version; if it is 6.6.15 or lower, the site is vulnerable.

Check Version:

wp plugin get revslider --field=version

Verify Fix Applied:

Confirm Slider Revolution version is 6.6.16 or higher in WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /wp-content/plugins/revslider/ directories
  • POST requests to revslider_admin_ajax.php with file parameters

Network Indicators:

  • HTTP POST requests with file uploads to Slider Revolution admin endpoints

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND action="revslider_ajax_action" AND (file_upload OR filename)
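The following script is an added example (not part of this advisory or the vendor's tooling) that applies the log indicators and SIEM query above to structured web log records. The records and their field names (uri, action, filename, file_upload) are constructed to mirror the query; a real log pipeline may name fields differently.

```python
import json
from collections import Counter
from typing import Iterable

# Constructed sample records (not real traffic). Field names follow the SIEM query on
# this page (uri, action, filename, file_upload); adjust them to your log schema.
SAMPLE_WEB_LOGS = """
{"ts":"2024-01-10T12:00:01Z","src_ip":"203.0.113.5","user":"author1","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"revslider_ajax_action","filename":"slider-export.zip","status":200}
{"ts":"2024-01-10T12:00:02Z","src_ip":"198.51.100.7","user":"editor2","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"heartbeat","status":200}
{"ts":"2024-01-10T12:00:03Z","src_ip":"203.0.113.5","user":"author1","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"revslider_ajax_action","filename":"cache.php","status":200}
{"ts":"2024-01-10T12:00:04Z","src_ip":"192.0.2.9","method":"GET","uri":"/wp-content/plugins/revslider/public/assets/js/rs6.min.js","status":200}
{"ts":"2024-01-10T12:00:05Z","src_ip":"203.0.113.5","user":"author1","method":"POST","uri":"/wp-admin/admin-ajax.php","action":"revslider_ajax_action","file_upload":true,"status":200}
"""

# Extensions the web server would execute if they land in a writable plugin directory.
EXECUTABLE_EXTS = (".php", ".phtml", ".phar", ".php5", ".phps")

def is_revslider_upload(rec: dict) -> bool:
    """True for a POST to admin-ajax.php with the revslider action that carries a file."""
    return (
        rec.get("method", "").upper() == "POST"
        and rec.get("uri") == "/wp-admin/admin-ajax.php"
        and rec.get("action") == "revslider_ajax_action"
        and (bool(rec.get("file_upload")) or "filename" in rec)
    )

def severity(rec: dict) -> str:
    """Escalate when the uploaded file name would be executed by the web server."""
    name = str(rec.get("filename", "")).lower()
    return "high" if name.endswith(EXECUTABLE_EXTS) else "medium"

def scan_logs(lines: Iterable[str]) -> list[dict]:
    """Return one alert per matching record; malformed lines are skipped, not fatal."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_revslider_upload(rec):
            alerts.append({"ts": rec.get("ts"), "src_ip": rec.get("src_ip"),
                           "user": rec.get("user"), "filename": rec.get("filename"),
                           "severity": severity(rec)})
    return alerts

def uploads_per_user(alerts: list[dict]) -> Counter:
    """Repeated uploads from one author-level account are the pattern to triage first."""
    return Counter(a["user"] for a in alerts)

if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_WEB_LOGS.splitlines()):
        print(alert)
```

Pair the alerts with a file-integrity check of /wp-content/plugins/revslider/ so that an upload that reached disk is confirmed rather than inferred from the request alone.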

🔗 References