This topic has 8 replies, 3 voices, and was last updated 9 years, 11 months ago by Eva Kemp
Can you tell me if this note is true?
What is the fix for this?
“About 2 months ago, someone publicly disclosed a serious vulnerability in the WordPress Plugin Slider Revolution Premium which allows a remote attacker to download any file from the server.
The shared concept of evidence through illegal sites shows how someone can easily download the wp-config.php:
http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
This is used to steal the credentials of the database, which then allows you to compromise the site through the database.
This type of vulnerability is known as a Local File Inclusion attack (LFI). The attacker is able to access, review, download a local file on the server. This, in case you’re asking is a very serious vulnerability that should be addressed immediately.”
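A way to check a web server access log for the request shown in the quoted note, as an added example that is not part of the original thread or the plugin's code. It assumes Combined Log Format; the function names and the sample log lines are constructed for illustration, and it also normalises percent-encoded paths, which goes slightly beyond the single URL quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format prefix: ip - - [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp")

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so encoded dots and slashes still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_revslider_file_reads(lines):
    """Return one finding per revslider_show_image request for a non-image path."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query)  # parse_qs already decodes one layer
        if "revslider_show_image" not in params.get("action", []):
            continue
        for raw in params.get("img", []):
            img = decode_fully(raw).replace("\\", "/")
            if ".." in img.split("/") or not img.lower().endswith(IMAGE_EXT):
                findings.append({"ip": ip, "img": img, "status": int(status),
                                 "served": status == "200"})
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2015:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.4 - - [01/Jan/2015:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.9 - - [01/Jan/2015:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%252Fwp-config.php HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.4 - - [01/Jan/2015:10:00:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_revslider_file_reads(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true means the server answered 200, so the database credentials in wp-config.php should be treated as exposed and changed after the plugin is updated.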
Hello,
That notice is related to old versions of Revolution Slider plugin.
What version are you using?
Please provide us with FTP credentials and we’ll update the plugin for you.
Thank you.
Regards,
Eva Kemp.
My version is the former New.
Hello,
Is the version 4.6.5?
If so, you don’t need to worry about that notice.
Regards,
Eva Kemp.
2.4.1
Hello,
You’re talking about the theme version, which is now 2.5. Please update the theme, and create a backup of your files and database before updating.
Is your Revolution plugin version 4.6.5?
Regards,
Eva Kemp.
I received an email from my hosting saying there is a major vulnerability issue with my revolution slider. I temporarily disabled this plugin bc the version I was using was 4.1.4 even though I have loaded the latest Legenda update 2.5. Can you update my revolution slider to the most current version?
Hello @emoney7777,
I’ve updated the plugin for you.
Please check.
Regards,
Eva Kemp.
Tagged: revolution, slider, templates, vulnerability, woocommerce, wordpress
The issue related to ‘vulnerability Slider Revolution’ has been successfully resolved, and the topic is now closed for further responses.