Critical vulnerability in slider plugin for Wordpress Slider Revolution

Friday, 13 March 2015 02:03

Back in September 2014 published a critical vulnerability in the popular plugins for Wordpress Slider Revolution, but to this day we meet a lot of sites exposed the vulnerability. 

The vulnerability allows, with absolutely no rights on your site, download wp-config.php file to your site, which contains your data to access the database. With these approaches, an attacker can easily gain control over your site. Vulnerability affects all versions of the plug-in to version 4.1.4. The situation is complicated by the fact that this plugin is not free, it cost $ 18, and so many people from CIS countries use on their websites older versions downloaded from free resources, subject to this vulnerability because they do not have access to updates.

Query, download your config looks like this:

http://websait.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

You can replace websait.com address of your website and enter this query in the address bar of your site.

However, even if it does not download a file to your config, it does not mean that your site is not vulnerable. Check the version of the plug, if it is lower than 4.1.4, you should in any case be updated and check your website for hacking.

Currently available plug-in Patch for Revolution Slider, which supposedly closes this vulnerability. So whether it is in fact, we unfortunately did not check.

At any time you can get help from our experts, we will help to update the plug-in, close the vulnerability, delete malicious code and protect your site from hacking.

 


Leave a comment

  • Payment
    Methods:
  • visa
  • mastercard
  • qiwi
  • webmoney
  • yandex money
  • sberbank
  • mts bank
  • zpayment
  • liqpay
  • alfabank white
Copyright © 2012 - 2019 WebPatron Ltd. All rights reserved.