Vulnerability In The Slider Revolution Plugin

Sucuri has discovered a very serious vulnerability in the ‘Slider Revolution’ plugin. All versions below 4.2 are exploitable.

As the Sucuri blog post points out, this is serious: the vulnerability can allow an attacker to read any file on the system that the PHP process can access. One obvious target is the wp-config.php file, which contains the username and password for your WordPress database.

Version 1.6.5 of the VaultPress plugin has a new hot fix that protects against attempts to exploit the vulnerability. If you have provided SSH, SFTP, or FTP access to us, then we’ve already pushed out the updated plugin to your site.

If you have not provided us SSH, SFTP, or FTP access, please download VaultPress version 1.6.5 and install it.

To allow us to update your plugin remotely with security hot fixes, add or update remote access credentials in your VaultPress.com account dashboard.

‘Slider Revolution’ is a plugin, but there are also themes that ship with it bundled. Be sure that every installation of the plugin, and every theme that uses it, is on the most recent version (4.6 right now).
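One way to inventory every copy of the plugin, including copies bundled inside themes, is sketched below as an added example; it is not VaultPress or Slider Revolution code. It assumes the plugin's main file is named `revslider.php` and carries a standard WordPress `Version:` header, and it takes the path to `wp-content` as its argument.

```python
import os
import re
import sys

# Assumption: the plugin's main file is named revslider.php and carries a
# standard WordPress "Version:" header, whether it is installed as a plugin
# or bundled inside a theme directory.
MAIN_FILE = "revslider.php"
FIXED_IN = (4, 2)  # from the advisory: all versions below 4.2 are exploitable
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)


def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_exploitable(version):
    """Copies with no readable version are flagged so they get reviewed."""
    return version is None or version < FIXED_IN


def scan(wp_content):
    """Walk plugins/ and themes/; return (path, version, exploitable) rows."""
    rows = []
    for sub in ("plugins", "themes"):
        for root, _dirs, files in os.walk(os.path.join(wp_content, sub)):
            if MAIN_FILE in files:
                path = os.path.join(root, MAIN_FILE)
                # The header sits at the top of the file; 8 KB is plenty.
                with open(path, encoding="utf-8", errors="replace") as fh:
                    version = parse_version(fh.read(8192))
                rows.append((path, version, is_exploitable(version)))
    return sorted(rows)


if __name__ == "__main__":
    found = scan(sys.argv[1] if len(sys.argv) > 1 else "wp-content")
    for path, version, bad in found:
        label = ".".join(map(str, version)) if version else "unknown"
        print(f"{'UPDATE' if bad else 'ok':6}  {label:10}  {path}")
    # Non-zero exit lets a cron job or CI step alert on stale copies.
    sys.exit(1 if any(bad for _, _, bad in found) else 0)
```

A copy reported as `ok` is only at or above 4.2; the advice above is still to move it to the most recent release.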

If you have any questions about this update, please let us know.
