Revolution Slider Security Vulnerability Revealed – [SECURITY ALERT]

Updated: May 18, 2017

Versions Affected: 4.2 and under

The security team at Sucuri publicized a critical vulnerability found in the WordPress Slider Revolution plugin on September 3rd, 2014. The bug has since been patched, but the development team for Slider Revolution kept silent about it and did not notify their users of the importance of updating.

The popular commercial slider plugin is hosted on Codecanyon, an offshoot of EnvatoMarket. The slider is bundled in theme packages, such as Avada, Themeforest’s top-selling theme. It’s also packaged with other themes and used independently on thousands of websites.

I personally checked the vulnerability against several of my websites and found several that were susceptible. It's quite sad that ThemePunch, the developer of the plugin, didn't inform theme developers of the issue. Many themes don't receive updates and are vulnerable.

Users Advised to Update Slider Revolution Immediately

If any of your sites run a copy of Revolution Slider that came bundled with a theme you purchased, you can open a ticket here: http://themepunch.ticksy.com

They will promptly reply with a Dropbox link to the latest version of their plugin, version 4.6.
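One way to audit a site for outdated copies, including ones bundled inside a theme folder, is to read the version header of every copy on disk (an added example, not code from this post or from ThemePunch). It assumes the plugin's main file is named `revslider.php` with a standard WordPress `Version:` header, counts 4.2.x as "4.2 and under", and uses a constructed sample tree with a hypothetical theme path.

```python
import os
import re
import tempfile

# Assumptions (not from the post): the plugin's main file is revslider.php and
# carries a standard WordPress "Version:" header comment.
MAIN_FILE = "revslider.php"
LAST_AFFECTED = (4, 2)  # the post gives "4.2 and under" as affected
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """Flag 4.2.x and lower; unreadable versions are flagged for manual review."""
    if version is None:
        return True
    return (version + (0,))[:2] <= LAST_AFFECTED

def scan(wp_content):
    """Find every copy under wp-content, including ones bundled in themes."""
    findings = []
    for root, _dirs, files in os.walk(wp_content):
        for name in files:
            if name.lower() == MAIN_FILE:
                path = os.path.join(root, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    version = parse_version(fh.read(8192))
                rel = os.path.relpath(path, wp_content).replace(os.sep, "/")
                findings.append((rel, version, is_affected(version)))
    return sorted(findings)

def demo():
    """Scan a constructed wp-content tree (sample data, not a real site)."""
    samples = {
        "plugins/revslider": "4.6.0",
        "themes/sample-theme/framework/plugins/revslider": "4.1.4",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, ver in samples.items():
            os.makedirs(os.path.join(tmp, rel))
            with open(os.path.join(tmp, rel, MAIN_FILE), "w") as fh:
                fh.write("<?php\n/*\nPlugin Name: Revolution Slider\nVersion: %s\n*/\n" % ver)
        return scan(tmp)

if __name__ == "__main__":
    for rel, version, affected in demo():
        print(rel, version, "UPDATE NEEDED" if affected else "ok")
```

On a real install, call `scan()` with the path to the site's `wp-content` directory; every flagged copy needs replacing, not just the one listed on the plugins screen.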

To stay updated on WordPress security matters, join the WPCrafter newsletter.

UPDATE: At the request of ThemePunch, I have edited this post to include the version number affected and the date this all became public. This is still an urgent matter; I have seen numerous WordPress websites hacked as a result of this vulnerability.


Adam @ WPCrafter

My passion is making the best quality video tutorial online, for non-techies. When I am not behind the camera, I am usually helping out one of my YouTube subscribers.

3 thoughts on “Revolution Slider Security Vulnerability Revealed – [SECURITY ALERT]”

  1. Hi,

    you wrote “The security team at Sucuri publicized a critical vulnerability found in the WordPress Slider Revolution plugin today.”. Would be awesome if you could include a date since this is very confusing for your readers.

    “The bug has since been patched, but the development team for Slider Revolution kept silent about it and did not notify their users of the importance of updating.” Communicated by us and Envato and updated long ago (like you mentioned).

    When mentioning version 4.6 it probably would be useful if you could mention that the vulnerability was removed from version 4.2 and younger.

    We would be happy if we could help to make your article a little more accurate since you could not see the whole story but only the Sucuri articles which only hold information necessary for their matters.

    Cheers from your Team @ ThemePunch

    1. Pawel from Clusteric

      @themepunch – Thousands of websites hacked, still today.
      Plugin not available in the repository, so WP in plugin section says it's the last version.
      Personally, I advise every customer to update plugins as often as possible, but with plugin distribution outside the official repository it’s difficult.
