Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin, which was patched silently.
It turns out that the vulnerability was disclosed via some underground forums, which led to a fix by the developers a few weeks later. The developer did not see a need to disclose this vulnerability to anyone, including its user base.
This is a very popular plugin, and it appears to be one of the most downloaded slider plugins from Envato’s Marketplace – Code Canyon. It also appears to be bundled in theme packages, so be sure to check your theme / plugins.
This is an example of where things go terribly wrong.
More here: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html