Update Slider Revolution Now: Plugin Critical Vulnerability Being Exploited
Tagged: security, Slider Revolution
This topic has 3 replies, 3 voices, and was last updated 10 years, 1 month ago by Tom.
September 3, 2014 at 1:21 pm #122641 Tom (Participant)
This is probably something that requires broad reporting so everyone can protect their sites ASAP. Not everyone will be following Sucuri or catch this via social media.
If you use Slider Revolution you should update to the latest version ASAP:
http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html

September 3, 2014 at 3:20 pm #122663 DTHkelly (Member)
According to ThemePunch, this security issue was fixed with version 4.1.4 back in February.
http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380/comments
Current version is 4.6 (August 26, 2014)

September 3, 2014 at 6:35 pm #122683 Summer (Member)
It sounds like the bigger problem is that the plugin makers didn't notify anyone they were fixing an extreme security issue, and that premium theme makers who'd bundled the plugin had no idea that it had been updated, meaning there are now lots of people running premium themes that have older versions of this plugin bundled in that are vulnerable, and they had no idea about it. The plugin doesn't notify bundled owners that there are updates available, apparently?
Yikes, that's a scary one... one of those themes was being used by a client of mine until I switched them over to Genesis 2 years ago after taking them on.

September 3, 2014 at 7:59 pm #122690 Tom (Participant)
@kellylise That may be true, but this goes far beyond announcing a changelog update with a generic message buried 14 lines deep giving no detail "Fixed Security Issue". It was tricky at first, leading to the "silent update", trying not to open the hacker floodgates by making the vulnerability known. But direct purchasers are reporting being hacked. This may be "a 'old' security issue which has was identified and resolved 29 Updates ago" but it's not fixed until the code is in place.
This should now be more broadly publicized. The black hats have been in the know, now actual Slider Revolution customers need to be aware of the actual threat. Without that direct line to all of their customers and no method to do direct updates or notifications, perhaps a note here can prompt site owners and maintainers to have a good look at their sites that may use this plugin.
Silent Update: http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380/comments#comment_7682360
- The forum ‘General Discussion’ is closed to new topics and replies.
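
One way to do the check the thread asks site maintainers for, as an added example that is not from any poster or from ThemePunch: walk a `wp-content` directory, find every copy of the plugin (including copies bundled inside themes), and flag versions older than 4.1.4, the release ThemePunch is quoted above as containing the fix. It assumes each copy keeps a standard WordPress plugin header whose `Plugin Name:` contains both "slider" and "revolution"; the function names and the sample tree are hypothetical.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 1, 4)  # release ThemePunch says contains the fix, as quoted in the thread
HEADER = r"^[ \t/*#@]*%s:\s*(.+?)\s*$"  # standard WordPress plugin-header line
NAME_RE = re.compile(HEADER % "Plugin Name", re.I | re.M)
VER_RE = re.compile(HEADER % "Version", re.I | re.M)

def is_outdated(version_text):
    """True if older than FIXED, False if not, None if no version could be parsed."""
    m = re.match(r"\d+(?:\.\d+)*", version_text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    parts += (0,) * (len(FIXED) - len(parts))  # so 4.6 compares as 4.6.0
    return parts < FIXED

def find_copies(root):
    """Return [(relative path, version, outdated)] for every header naming the slider."""
    found = []
    for path in sorted(Path(root).rglob("*.php")):
        try:
            with path.open(encoding="utf-8", errors="replace") as fh:
                head = fh.read(8192)  # WordPress reads headers from the first 8 KB
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        name = NAME_RE.search(head)
        if not name or not {"slider", "revolution"} <= set(name.group(1).lower().split()):
            continue
        ver = VER_RE.search(head)
        version = ver.group(1) if ver else None
        found.append((path.relative_to(root).as_posix(), version, is_outdated(version)))
    return found

def demo():
    """Scan a constructed wp-content tree (paths and headers are made up)."""
    samples = {
        "plugins/slider/main.php": "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: 4.6\n*/",
        "themes/some-theme/inc/slider/main.php": "<?php\n/*\n * Plugin Name: Revolution Slider\n * Version: 4.1.3\n */",
        "plugins/other/other.php": "<?php\n/*\nPlugin Name: Other Plugin\nVersion: 1.0\n*/",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = Path(root, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_text(body, encoding="utf-8")
        return find_copies(root)
```

On a real site, call `find_copies()` on the `wp-content` path; a result of `None` in the last column means a copy was found but its version header could not be read and needs a manual look.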