Vulnerability Slider Revolution - by joao_cg

This topic has 8 replies, 3 voices, and was last updated 9 years, 5 months ago by Eva Kemp

  • joao_cg
    Participant
    December 17, 2014 at 19:18

    Can you tell me if this note is true?

    What is the fix for this?

    “About 2 months ago, someone publicly disclosed a serious vulnerability in the WordPress Plugin Slider Revolution Premium which allows a remote attacker to download any file from the server.

    The shared concept of evidence through illegal sites shows how someone can easily download the wp-config.php:

    http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

    This is used to steal the credentials of the database, which then allows you to compromise the site through the database.

    This type of vulnerability is known as a Local File Inclusion attack (LFI). The attacker is able to access, review, download a local file on the server. This, in case you’re asking, is a very serious vulnerability that should be addressed immediately.”

    7 Answers
    Eva Kemp
    Support staff
    December 17, 2014 at 20:09

    Hello,

    That notice is related to old versions of the Revolution Slider plugin.
    What version are you using?
    Please provide us with FTP credentials and we’ll update the plugin for you.

    Thank you.
    Regards,
    Eva Kemp.

    joao_cg
    Participant
    December 17, 2014 at 20:18

    My version is the former New.

    Eva Kemp
    Support staff
    December 17, 2014 at 21:27

    Hello,

    Is the version 4.6.5?
    If so, you don’t need to worry about that notice.

    Regards,
    Eva Kemp.

    joao_cg
    Participant
    December 17, 2014 at 23:46

    2.4.1

    Eva Kemp
    Support staff
    December 18, 2014 at 10:14

    Hello,

    You’re talking about the theme version, which is now 2.5. Please update the theme and create a backup of your files and database before updating.
    Is your Revolution plugin version 4.6.5?

    Regards,
    Eva Kemp.

    Eric Bornhop
    Participant
    December 22, 2014 at 07:36

    I received an email from my hosting saying there is a major vulnerability issue with my revolution slider. I temporarily disabled this plugin because the version I was using was 4.1.4 even though I have loaded the latest Legenda update 2.5. Can you update my revolution slider to the most current version?

    Eva Kemp
    Support staff
    December 22, 2014 at 12:27

    Hello @emoney7777,

    I’ve updated the plugin for you.
    Please check.

    Regards,
    Eva Kemp.


The issue related to 'vulnerability Slider Revolution' has been successfully resolved, and the topic is now closed for further responses.
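
For site owners checking whether the request quoted in the first post was ever sent to their own server, here is an added example (not code from this thread or from the plugin) that scans access-log lines for `revslider_show_image` calls whose `img` value is not a plain image name. The combined log format, the image-extension list, the function names and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Client IP, request URL and status from a combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # assumption: what a slider image looks like

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f is also seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_img(img):
    """True when the img parameter is not a plain relative image path."""
    img = fully_decode(img).replace("\\", "/").lower()
    return "../" in img or img.startswith("/") or not img.endswith(IMAGE_EXT)

def find_revslider_file_reads(lines):
    """Return (client_ip, decoded_img, http_status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        params = parse_qs(url.query)  # parse_qs already decodes one encoding layer
        if (not url.path.lower().endswith("/admin-ajax.php")
                or "revslider_show_image" not in params.get("action", [])):
            continue
        for img in params.get("img", []):
            if suspicious_img(img):
                hits.append((m["ip"], fully_decode(img), int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Dec/2014:19:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.7 - - [17/Dec/2014:19:02:15 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.20 - - [17/Dec/2014:19:05:40 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/2014/12/slide1.jpg HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.20 - - [17/Dec/2014:19:06:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "-"',
]

if __name__ == "__main__":
    print(find_revslider_file_reads(SAMPLE_LOG))
```

A hit with status 200 means the file was probably served, so the database credentials in wp-config.php should be treated as exposed and changed after the plugin is updated.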
