The Sucuri team recently disclosed a critical vulnerability in one of the most popular slider plugins, the WordPress Slider Revolution Premium Plugin. The developers fixed the bug in version 4.2 of the plugin. The plugin is sold on CodeCanyon as a standalone product and is also bundled with a large number of commercial themes, so a site can be running a vulnerable copy even if the plugin was never installed directly. Bundled copies are only updated when the theme author ships a new theme release, which is why they tend to lag behind.
The vulnerability is severe: it lets an unauthenticated attacker read any file the web server can access, including wp-config.php, which contains the database credentials as well as the authentication keys and salts. With those in hand an attacker can gain complete control of the site. Sucuri classes the issue as a Local File Inclusion (LFI); strictly it is an arbitrary file download, since the file contents are returned to the attacker rather than executed by PHP, but for wp-config.php the outcome is the same. An example of this exploit is as follows –
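A practical follow-up question for anyone who ran the vulnerable plugin is whether the file read was actually attempted against their site. The script below is an added example, not code from the original post or from Sucuri or blogVault: it scans web-server access-log lines in the common combined format for query-string values that, after percent-decoding, contain a directory-traversal sequence, and records whether the request named wp-config.php and whether the server answered 200 with a non-empty body (the sign that the file was probably served). The plugin's real request parameters are not given on this page, so the rule keys on the traversal itself rather than on any parameter name; the log lines embedded in the block are constructed for the example and the parameter names in them are placeholders.

```python
import re
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (combined format). They are NOT from a
# real server, and the query parameter names are placeholders, not the
# plugin's own. Line 2 carries a plain traversal to wp-config.php, line 3 a
# double-encoded one, line 4 a traversal to another file that was refused.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Sep/2014:11:59:58 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 112 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Sep/2014:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=fetch&file=../wp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Sep/2014:12:00:04 +0000] "GET /index.php?p=..%252F..%252Fwp-config.php HTTP/1.1" 200 3094 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2014:12:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=fetch&file=../../etc/passwd HTTP/1.1" 403 199 "-" "curl/7.35.0"
"""

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# "../" or "..\" anywhere in a decoded parameter value.
TRAVERSAL = re.compile(r"\.\.[/\\]")
WP_CONFIG = re.compile(r"wp-config\.php", re.IGNORECASE)


def decode(value: str) -> str:
    """Percent-decode twice so double-encoded sequences (%252e%252e%252f) are caught."""
    return unquote(unquote(value))


def analyse_request(target: str) -> Optional[dict]:
    """Return details of traversal attempts in the query string, or None if clean."""
    parts = urlsplit(target)
    hits = []
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = decode(raw)           # parse_qsl already decoded once
        if TRAVERSAL.search(value):
            hits.append((key, value))
    if not hits:
        return None
    return {
        "path": parts.path,
        "params": hits,
        "targets_wp_config": any(WP_CONFIG.search(v) for _, v in hits),
    }


def scan_log(lines) -> List[dict]:
    """Scan log lines; flag traversal requests and whether they were likely served."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                  # not a combined-format line; skip
        hit = analyse_request(m["target"])
        if hit is None:
            continue
        status, size = int(m["status"]), m["size"]
        # A 200 with a body is the strongest hint that the file was disclosed.
        served = status == 200 and size.isdigit() and int(size) > 0
        findings.append({"ip": m["ip"], "ts": m["ts"], "status": status,
                         "size": size, "likely_served": served, **hit})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        flag = "SERVED" if f["likely_served"] else "refused"
        print(f'{f["ts"]} {f["ip"]} {f["path"]} {f["params"]} '
              f'wp-config={f["targets_wp_config"]} {flag}')
```

Run it against the real log with `scan_log(open("access.log"))`. Hits that are `likely_served` and target wp-config.php mean the database password and the authentication keys and salts in that file should be treated as compromised and rotated, not merely that the plugin should be updated.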
Given the severity of the issue, anyone running this plugin, whether installed directly or bundled inside a theme, should upgrade to version 4.2 or later immediately. The team at blogVault scanned our customer sites for the vulnerable plugin and found at least 356 sites that needed the upgrade. A notification has been sent to all of these customers warning them about the vulnerable plugin and how serious it is. Needless to say, this proactive notification is restricted to our esteemed customers only. Our service extends beyond regular backups, unlike any other backup plugin. Sign up for blogVault to get the benefits of the best backup service for your site.
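Because the plugin also ships inside theme packages, checking only wp-content/plugins misses copies that live under a theme's own directory. The following is an added example of the kind of scan described above, not blogVault's own scanner: it walks a wp-content tree for every copy of the plugin's main file, reads the `Version:` line of the standard WordPress plugin header, and compares it numerically against 4.2 (a plain string comparison would wrongly rank "4.10" below "4.2"). The main file name `revslider.php` is an assumption made for the example, and the directory tree it builds is a constructed fixture, not a real site.

```python
import re
import tempfile
from pathlib import Path
from typing import Iterator, List, Optional, Tuple

PLUGIN_FILE = "revslider.php"      # assumed name of the plugin's main PHP file
FIXED_VERSION = (4, 2)             # first version that carries the fix

# Standard WordPress plugin header line, with or without a leading " * ".
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)


def parse_version(header_text: str) -> Tuple[int, ...]:
    """Extract the Version: header as a tuple of ints, e.g. (4, 1, 4)."""
    m = VERSION_RE.search(header_text)
    if not m:
        raise ValueError("no Version: header found")
    return tuple(int(p) for p in m.group(1).rstrip(".").split("."))


def is_vulnerable(version) -> bool:
    """True for anything below 4.2; accepts a tuple or a dotted string."""
    if isinstance(version, str):
        version = tuple(int(p) for p in version.split("."))
    return version < FIXED_VERSION    # tuple comparison is numeric per component


def find_plugin_copies(wp_content: Path) -> Iterator[Path]:
    """Every copy of the main file anywhere below wp-content, themes included."""
    return wp_content.rglob(PLUGIN_FILE)


def scan(wp_content) -> List[Tuple[str, Optional[str], Optional[bool]]]:
    """Return (relative path, version string, vulnerable?) for each copy found."""
    root = Path(wp_content)
    results = []
    for path in sorted(find_plugin_copies(root)):
        rel = str(path.relative_to(root))
        try:
            ver = parse_version(path.read_text(errors="replace"))
        except ValueError:
            results.append((rel, None, None))     # header missing: inspect by hand
            continue
        results.append((rel, ".".join(map(str, ver)), is_vulnerable(ver)))
    return results


def build_sample_tree() -> str:
    """Constructed fixture (not a real site): three copies at different versions."""
    root = Path(tempfile.mkdtemp())
    fixture = {
        "plugins/revslider/revslider.php": "4.1.4",                   # standalone, old
        "themes/sometheme/plugins/revslider/revslider.php": "3.0.95", # theme-bundled, old
        "uploads/backup/revslider/revslider.php": "4.6.5",            # stray copy, fixed
    }
    for rel, ver in fixture.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(f"<?php\n/*\nPlugin Name: Slider Revolution\nVersion: {ver}\n*/\n")
    return str(root)


if __name__ == "__main__":
    for rel, ver, vuln in scan(build_sample_tree()):
        state = "UNKNOWN" if vuln is None else ("VULNERABLE" if vuln else "ok")
        print(f"{state:10} {ver or '?':8} {rel}")
```

Point `scan()` at a real `wp-content` directory to get the same report; a copy found under `themes/` will not be fixed by updating the standalone plugin, it needs the theme author's updated package or manual replacement of that directory.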