Vulnerability Slider Revolution - by joao_cg

This topic has 8 replies, 3 voices, and was last updated 9 years, 12 months ago ago by Eva Kemp

  • Avatar: joao_cg
    joao_cg
    Participant
    December 17, 2014 at 19:18

    Can you tell me if this note is true?

    What is the fix for this?

    “About 2 months ago , someone publicly disclosed a serious vulnerability in the WordPress Plugin Slider Revolution Premium which allows a remote attacker to download any file from the server .

    The shared concept of evidence through illegal sites shows how someone can easily download the wp -config.php :

    http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

    This is used to steal the credentials of the database , which then allows you to compromise the site through the database.

    This type of vulnerability is known as a Local File Inclusion attack ( LFI ) . The attacker is able to access, review , download a local file on the server. This, in case you’re asking is a very serious vulnerability that should be addressed immediately.”

    7 Answers
    Avatar: Eva
    Eva Kemp
    Support staff
    December 17, 2014 at 20:09

    Hello,

    That notice is related to old versions of Revolution Slider plugin.
    What version are you using?
    Please provide us with FTP credentials and we’ll update the plugin for you.

    Thank you.
    Regards,
    Eva Kemp.

    Avatar: joao_cg
    joao_cg
    Participant
    December 17, 2014 at 20:18

    My version is the former New .

    Avatar: Eva
    Eva Kemp
    Support staff
    December 17, 2014 at 21:27

    Hello,

    Is the version 4.6.5?
    If so you don’t need worry about that notice.

    Regards,
    Eva Kemp.

    Avatar: joao_cg
    joao_cg
    Participant
    December 17, 2014 at 23:46

    2.4.1

    Avatar: Eva
    Eva Kemp
    Support staff
    December 18, 2014 at 10:14

    Hello,

    You’re talking about theme version, which now is 2.5. Please update the theme and create a back up of your files and database before update.
    Is your Revolution plugin of 4.6.5 version?

    Regards,
    Eva Kemp.

    Avatar: emoney7777
    Eric Bornhop
    Participant
    December 22, 2014 at 07:36

    I received an email from my hosting saying there is a major vulnerability issue with my revolution slider. I temporarily disabled this plugin bc the version I was using was 4.1.4 even though i have loaded the latest Legenda update 2.5. Can you update my revolution slider to the most current version

    Please, contact administrator
    for this information.
    Avatar: Eva
    Eva Kemp
    Support staff
    December 22, 2014 at 12:27

    Hello @emoney7777,

    I’ve updated the plugin for you.
    Please check.

    Regards,
    Eva Kemp.

  • Viewing 8 results - 1 through 8 (of 8 total)

The issue related to '‘vulnerability Slider Revolution’' has been successfully resolved, and the topic is now closed for further responses

We're using our own and third-party cookies to improve your experience and our website. Keep on browsing to accept our cookie policy.