Wordpress Security Alert: Revolution Slider

Update your sites ASAP to avoid server compromise

A major security flaw has been discovered in the most popular Wordpress slider plugin out there, Slider Revolution (aka Revolution Slider). It’s imperative that sites using the plugin update to the latest version immediately.

The vulnerability was first brought to my attention by Envato, the widely used theme and code marketplace (themeforest, codecanyon, etc.). From their notification:

This vulnerability allows attackers to access the servers of all sites using older versions of the Slider Revolution and Showbiz Pro (WordPress) plugins by ThemePunch. The vulnerability exists for all versions of Slider Revolution earlier than version 4.2 (released in February 2014) and all versions of Showbiz Pro (WordPress) earlier than 1.5.3 (released in January 2014).

The fact that this issue is so bad that it can provide server access to the attacker means that system administrators and site owners should get on top of this ASAP. If you host many wordpress sites, you can do a quick search via the command line to locate any sites using the plugin.

find / -type d -name 'revslider'

Once you’ve determined the sites using the offending plugin, you should download the latest version of slider revolution and update the installation by following these steps provided by Envato:

  1. Make a backup of your site

  2. Download the updated plugin

  3. Locate the downloaded zip file on your computer and unzip it

  4. Connect to your server using an FTP client and go to the wp-content/plugins/ folder

  5. Upload the revslider and/or showbiz folders to the wp-content/plugins/ folder, overwriting the existing files

  6. Log into WordPress and go to the Plugins page

  7. Locate the updated plugins in the list and confirm the version(s) are secure

  8. Update your server password

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon