WordPress Slider Revolution Plugin vulnerability

Slider Revolution Plugin is a premium WordPress plugin used by many premium themes. This plugin is bundle with premium WordPress themes.

WHMCS Complete Billing and Support

Back in February 2014, there was a critical vulnerability discovered in this plugin. This was patched by the developers however it is possible that themes were not updated to use the latest version and thus this vulnerability is still present in many WordPress websites.

Using this vulnerability, it is possible to download any files from the account including your WordPress configuration file. the proof of concept is already released publicly. If you have using WordPress Slider Revolution Plugin (included in theme or installed it directly), it is highly recommended to upgrade to version 4.2.

Also, it is strongly recommended that you reset your password which is used for your database user.

Again due to nature of this vulnerability, you should upgrade your WordPress plugin Slider Revolution Plugin to version 4.2.

For ongoing discussion, please refer our web hosting talk thread at WordPress Slider Revolution Plugin vulnerability.

Posted in Security.

Leave a Reply

Your email address will not be published. Required fields are marked *