Critical Vulnerability in popular WordPress themes

Hackers exploit critical vulnerability in popular WordPress theme component

WordPress admins should check if their sites use the Slider Revolution plug-in and update it immediately, researchers said

By Lucian Constantin | 04 September 14

Attackers are actively exploiting a critical vulnerability in a WordPress plug-in that’s used by a large number of themes, researchers from two security companies warned Wednesday.

The vulnerability affects versions 4.1.4 and older of Slider Revolution, a commercial WordPress plug-in for creating mobile-friendly content display sliders. The flaw was fixed in Slider Revolution 4.2 released in February, but some themes — collections of files or templates that determine the overall look of a site — still bundle insecure versions of the plug-in.

The vulnerability can be exploited to execute a local file inclusion (LFI) attack that gives hackers access to a WordPress site’s wp-config.php file, researchers from Web security firm Sucuri said in a blog post. This sensitive file contains database access credentials that can be used to compromise the whole site, the researchers said.
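
The check the researchers recommend, as an added example that is not part of the original article or of the plug-in: a Python scan of a WordPress tree for stand-alone or theme-bundled copies of Slider Revolution older than the fixed 4.2 release. It assumes the plug-in's main file is named `revslider.php` and carries a standard WordPress `Version:` header; the sample tree, theme names and paths are constructed.

```python
import os
import re
import tempfile

FIXED = (4, 2)  # the article says the flaw was fixed in Slider Revolution 4.2
MAIN_FILE = "revslider.php"  # assumption: name of the plug-in's main file
VERSION_RE = re.compile(r"^[ \t*/#]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version):
    if version is None:
        return "unknown"  # no version header found: inspect this copy by hand
    return "vulnerable" if version < FIXED else "ok"

def scan(root):
    """Walk root and report every bundled or stand-alone copy found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != MAIN_FILE:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(8192))  # header sits at the top
            findings.append((os.path.relpath(path, root), version, classify(version)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; theme names and paths are made up."""
    samples = {
        "wp-content/plugins/revslider/revslider.php": "<?php\n/*\n * Version: 4.6.0\n */\n",
        "wp-content/themes/example-theme/inc/revslider/revslider.php": "<?php\n/*\nVersion: 4.1.4\n*/\n",
        "wp-content/themes/other-theme/revslider/revslider.php": "<?php // header stripped\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, version, status in scan(tmp):
            print(f"{status:10} {version} {rel}")
```

Point `scan()` at the site's document root; copies reported as `unknown` have no readable version header and need a manual look.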
