Iranian Information Technology Security News (itsn.ir) has reported a vulnerability in the WordPress Slider Revolution plugin that affects version 4.1.4 and older versions of the plugin.
Although version 4.2 of the plugin, released recently, fixed the vulnerability, some themes continue to ship a previous version.
The researchers have advised that this vulnerability could be used for Local File Inclusion (LFI) attacks, allowing attackers to access a site's "wp-config.php" file. This sensitive file contains identifying data and is where the site stores its data, so the whole site could be in danger.
ThemePunch, the developer of the Slider Revolution plugin, said version 4.3 had fixed a critical security problem, but gave no details of the problem or its effects.
Site users and developers buy this plugin to extend the functionality of WordPress. Note that when the plugin is bundled with a theme, the automatic update function is disabled. As a result, users must wait until the plugin is updated by their theme's developers, something that often does not happen.
Users are advised to check their themes and, if they include a vulnerable version of the plugin, to alert the theme developers.
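One way to carry out the check advised above, as an added example that is not from the original article or from ThemePunch: it walks `wp-content` for copies of the plugin, standalone or bundled in a theme, and flags version 4.1.4 and older. It assumes the plugin sits in a directory named `revslider` whose main file `revslider.php` carries a standard WordPress `Version:` header.

```python
import os
import re
import sys

# Last affected release according to the article.
LAST_VULNERABLE = (4, 1, 4)
# Standard WordPress plugin header line, e.g. " * Version: 4.1.4"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)


def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """True for 4.1.4 and older; a copy with no readable version is suspect."""
    if version is None:
        return True
    padded = version + (0,) * max(0, 3 - len(version))
    return padded <= LAST_VULNERABLE


def scan(wp_root):
    """Report every revslider copy under wp-content as (path, version, vulnerable)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(os.path.join(wp_root, "wp-content")):
        # Assumed layout: <anything>/revslider/revslider.php
        if os.path.basename(dirpath).lower() != "revslider" or "revslider.php" not in filenames:
            continue
        with open(os.path.join(dirpath, "revslider.php"), encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))  # the header is at the top of the file
        findings.append((os.path.relpath(dirpath, wp_root), version, is_vulnerable(version)))
        dirnames[:] = []  # do not descend into the plugin's own subdirectories
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for path, version, vuln in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{'VULNERABLE' if vuln else 'ok':<10} {shown:<8} {path}")
```

Run it with the WordPress root directory as the only argument. Themes that ship the plugin as an archive are not unpacked, so those need a manual check.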