This topic has 8 replies, 3 voices, and was last updated 9 years, 12 months ago ago by Eva Kemp
Can you tell me if this note is true?
What is the fix for this?
“About 2 months ago , someone publicly disclosed a serious vulnerability in the WordPress Plugin Slider Revolution Premium which allows a remote attacker to download any file from the server .
The shared concept of evidence through illegal sites shows how someone can easily download the wp -config.php :
http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
This is used to steal the credentials of the database , which then allows you to compromise the site through the database.
This type of vulnerability is known as a Local File Inclusion attack ( LFI ) . The attacker is able to access, review , download a local file on the server. This, in case you’re asking is a very serious vulnerability that should be addressed immediately.”
Hello,
That notice is related to old versions of Revolution Slider plugin.
What version are you using?
Please provide us with FTP credentials and we’ll update the plugin for you.
Thank you.
Regards,
Eva Kemp.
My version is the former New .
Hello,
Is the version 4.6.5?
If so you don’t need worry about that notice.
Regards,
Eva Kemp.
2.4.1
Hello,
You’re talking about theme version, which now is 2.5. Please update the theme and create a back up of your files and database before update.
Is your Revolution plugin of 4.6.5 version?
Regards,
Eva Kemp.
I received an email from my hosting saying there is a major vulnerability issue with my revolution slider. I temporarily disabled this plugin bc the version I was using was 4.1.4 even though i have loaded the latest Legenda update 2.5. Can you update my revolution slider to the most current version
Hello @emoney7777,
I’ve updated the plugin for you.
Please check.
Regards,
Eva Kemp.
Tagged: revolution, slider, templates, vulnerability, woocommerce, wordpress
The issue related to '‘vulnerability Slider Revolution’' has been successfully resolved, and the topic is now closed for further responses