[Security] Slider Revolution Plugin Vuln


Thursday, September 4th, 2014 - General

A critical vulnerability has been found in Slider Revolution, a popular WordPress plugin that is distributed either as a standalone plugin or packaged with many different themes.

We are working on getting messages sent out to users that may have been affected by this.

If you receive a notice from us that has information pertaining to a Slider Revolution plugin found on your account, pay special attention to the lines:

Installed Version: XX.XX.XX

If XX.XX.XX is greater than (but not equal to) 4.1.4 (for example 4.2, 4.3.8, 4.5.9, etc.) but less than 4.6, then technically you are using an out-of-date version of Slider Revolution, and you may want to check with your theme vendor or web designer about updating to the latest version. There is no known security risk for you at this time.

If XX.XX.XX is equal to or less than 4.1.4 (for example, 4.1.4, 4.1.3, 3.0.95, 2.3.91, etc.) THEN YOU NEED TO TAKE IMMEDIATE ACTION. Your version of Revolution Slider is exploitable, and your website and web hosting account are at risk and may have already been compromised. Contact your theme vendor or web developer IMMEDIATELY.
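The version ranges above only work if each dotted component is compared as a number: compared as text, 4.10 would sort below 4.6. The following check is an added example, not part of the original notice or of the plugin; the function names, the status labels and the sample notice are assumptions, and only the `Installed Version:` label and the 4.1.4 / 4.6 thresholds come from this page.

```python
import re

# Thresholds stated in the notice above.
EXPLOITABLE_MAX = (4, 1, 4)  # equal to or less than 4.1.4: take immediate action
OUTDATED_BELOW = (4, 6)      # greater than 4.1.4 but less than 4.6: out of date

def parse_version(text):
    """'4.1.4' -> (4, 1, 4). Components are compared as integers, not text."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    # Assumption: a trailing ".0" is padding, so 4.1.4.0 is treated as 4.1.4.
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(version):
    v = parse_version(version)
    if v <= EXPLOITABLE_MAX:
        return "exploitable"
    if v < OUTDATED_BELOW:
        return "outdated"
    return "4.6-or-later"  # the notice describes no action for this range

def classify_notice(notice_text):
    """Return (version, status) for every 'Installed Version:' line."""
    found = re.findall(r"^\s*Installed Version:\s*(\S+)", notice_text, re.MULTILINE)
    return [(v, classify(v)) for v in found]

# Constructed sample notice; only the 'Installed Version:' label comes from the page.
SAMPLE_NOTICE = """\
Plugin copy 1
Installed Version: 3.0.95
Plugin copy 2
Installed Version: 4.5.9
Plugin copy 3
Installed Version: 4.10.2
"""

if __name__ == "__main__":
    for version, status in classify_notice(SAMPLE_NOTICE):
        print(f"{version:10} {status}")
```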

(Added September 11, 2014 6:33PM EDT)

If you received a message from us that sent you to this blog, then you need to check and make sure the Slider Revolution plugin on your website is up to date. If you are using a theme that is using Slider Revolution then you will need to update that theme, assuming that the theme developers have updated the Slider Revolution that is packaged with their theme. You will have to contact your individual theme vendor or developer for more information on this.

If you installed Slider Revolution as a standalone plugin, you will need to update it. See:

Slider Revolution Responsive WordPress Plugin

for more information.

I am sorry that we cannot be of much more help regarding this. Slider Revolution isn’t something we created or developed, and we play no role in it. You will have to contact the companies and individuals that you installed this from for more information. We are only passing on information that this has been compromised.

Additional information concerning this exploit can be found at:

Slider Revolution Plugin Critical Vulnerability Being Exploited

IMPORTANT NOTE
If you do nothing regarding this, then it is very likely that your website and your web hosting account will be compromised. It is probably a good idea to go ahead and change all of your passwords, just for good measure, including your WordPress passwords and your MySQL passwords.

This is a very serious exploit and should be treated as such.

Steven – AMS Support