09-04-2014, 10:45 AM (This post was last modified: 09-04-2014 10:48 AM by lowno.)
Post: #1
[GET] RevSlider 4.6 - URGENT SECURITY VULNERABILITY - Must read
If you have any WordPress websites with Revolution Slider on it, this is a must read!

It is URGENT that you update Rev Slider RIGHT NOW!

There is a major security issue that is easy to exploit that requires an update to the plugin. Essentially all anyone has to do is enter the following URL on a vulnerable website:
http://DOMAIN-HERE/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

That will download the wp-config.php file which includes your database credentials. I checked it on some of my sites and found several vulnerable. It is urgent that you update the plugin.

Steps to patch:
1. Download the latest version, here is a link straight from the developer
Code:
https://www.dropbox.com/s/2m9taf90gheka5d/codecanyon-2751380-slider-revolution-responsive-wordpress-plugin.zip?dl=0
2. Log into the WordPress website that has the plugin installed
3. Click on the settings for the plugin and scroll to the very bottom
4. There will be a button on the right to update the plugin
5. Self-explanatory from there

Do not delete the plugin and reupload because all your sliders will be lost.

After you download the latest from the link above, you have to unzip the file and in there you will see the plugin and all the documentation.

Let's all keep this bumped for a few days so as many in the community will see it.
09-04-2014, 11:28 AM
Post: #2
RE:
thank you....
09-04-2014, 11:46 AM
Post: #3
RE:
You're welcome. Let's get the word out to the BBHF community on this one.
09-04-2014, 01:26 PM
Post: #4
RE:
I can't even begin to thank you enough for this find; you probably just saved ALL my sites. I really hope everyone sees this and fixes their sites asap. This is no joke and everyone using Rev-slider needs this like yesterday. I am still sorta new here but I want to give you max rep for this because like I said I never knew a slider would open a backdoor like this. 1000 Thank You's and max rep from me. I surely wish to bump this one.
09-04-2014, 01:54 PM
Post: #5
RE:
This is why I love this forum, people helping people.

+5 Rep added - Thank you very much lowno for your awesome share!
09-04-2014, 02:36 PM
Post: #6
RE:
Thanks guys, let's keep spreading the word on this forum since many of the themes shared do not get updated.

I almost crapped my pants when I saw how easy this hack was.
09-04-2014, 02:48 PM
Post: #7
RE:
The problem was fixed 29 updates back in 4.2 in February. OLD!
09-04-2014, 04:03 PM
Post: #8
RE:
It doesn't matter when it was fixed; if you never knew about it, the info is still fresh. It's a great share, period.
09-04-2014, 09:46 PM
Post: #9
RE:
d***!! just tried this and it's a terrible situation... database password everything... REP+
09-05-2014, 02:28 AM
Post: #10
RE:
pirata_web: you obviously have no clue. Most people don't buy the plugin to be able to have access to updates. They get it bundled in a theme and most themes are NEVER updated. Add to that, many on BBHF download a shared version of themes so all the more likely that the plugin is not updated.

And Allstar007 is right, the developer didn't notify anyone of the security issue.

This wouldn't be that big of a deal if Revolution Slider wasn't included in like every WordPress theme for sale on ThemeForest.