Version Affected: 4.2 and under
The security team at Sucuri publicized a critical vulnerability found in the WordPress Slider Revolution plugin on September 3rd, 2014. The bug has since been patched, but the development team for Slider Revolution kept silent about it and did not notify their users of the importance of updating.
The popular commercial slider plugin is hosted on CodeCanyon, an offshoot of Envato Market. The slider is bundled in theme packages, such as Avada, ThemeForest’s top-selling theme. It’s also packaged with other themes and used independently on thousands of websites.
I personally checked the vulnerability against several of my websites and found several that were susceptible. It's quite sad that ThemePunch, the developer of the plugin, didn't inform theme developers of the issue. Many themes don't receive updates and are vulnerable.
Users Advised to Update Slider Revolution Immediately
If any of your sites run a copy of Revolution Slider that was bundled with a theme you purchased, you can open a ticket here: http://themepunch.ticksy.com
They will promptly reply with a Dropbox link to the latest version of their plugin, version 4.6.
To stay updated on WordPress security matters, join the WPCrafter newsletter.
UPDATE: At the request of ThemePunch, I have edited this post to include the version number affected and the date this all became public. This is still an urgent matter; I have seen numerous WordPress websites hacked as a result of this vulnerability.