Sucuri has discovered a very serious vulnerability in the ‘Slider Revolution’ plugin. All versions below 4.2 are exploitable.
As the Sucuri blog post points out, this is serious. This vulnerability can allow an attacker to read any file on the system that the PHP process can access. One obvious target is the wp-config.php file, which contains the username and password for your WordPress database.
Version 1.6.5 of the VaultPress plugin has a new hot fix that protects against attempts to exploit the vulnerability. If you have provided SSH, SFTP, or FTP access to us, then we’ve already pushed out the updated plugin to your site.
If you have not provided us with SSH, SFTP, or FTP access, please download VaultPress version 1.6.5 and install it.
To allow us to update your plugin remotely with security hot fixes, add or update remote access credentials in your VaultPress.com account dashboard.
Although ‘Slider Revolution’ is a plugin, some themes also ship with it. Be sure that every installation of the plugin, and every theme that bundles it, is running the most recent version (4.6 right now).
If you have any questions about this update, please let us know.