WordPress Plugin Security Alert: Revolution Slider
Revolution Slider WordPress Plugin
Excerpt from Code Canyon:
Slider Revolution is an innovative, responsive WordPress Slider Plugin that displays your content the beautiful way. Whether it’s a Slider, Carousel, Hero Scene or even a whole Front Page, the visual, drag & drop editor will let you tell your own stories in no time!
Vulnerability – Local File Disclosure
The vulnerability can be exploited to execute a local file inclusion (LFI) attack that gives hackers access to a WordPress site’s wp-config.php file and infact any file on the server. Th wp-config file is a critical file in the operation of WordPress.
None currently available – To be advised.
This vulnerability was found in version 4.1.4, check if you have this version installed and update to the fixed version 4.2 and higher.