What is CVE-2014-9735?

CVE-2014-9735 is a vulnerability in Themepunch Showbiz_pro, classified under CWE-264. Published 2015-06-30.

Is CVE-2014-9735 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Themepunch Showbiz_pro

CVE-2014-9735

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to…

EPSS: 0.827 (99.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20151125 Slider Revolution/Showbiz Pro shell upload exploit (mailing-list, Exploit, x_refsource_FULLDISC)
71306 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-9735?: CVE-2014-9735 is a vulnerability in Themepunch Showbiz_pro, classified under CWE-264. Published 2015-06-30.
Is CVE-2014-9735 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.