{"id":1940,"date":"2015-06-16T17:42:40","date_gmt":"2015-06-16T17:42:40","guid":{"rendered":"https:\/\/www.hostbigspace.com\/blog\/?p=1940"},"modified":"2015-06-16T17:42:40","modified_gmt":"2015-06-16T17:42:40","slug":"wordpress-critical-revslider-vulnerabilty","status":"publish","type":"post","link":"https:\/\/www.gossdhosting.com\/blog\/general\/wordpress-critical-revslider-vulnerabilty\/","title":{"rendered":"WordPress: Critical revslider vulnerability"},"content":{"rendered":"<p><img data-recalc-dims=\"1\" decoding=\"async\" class=\"aligncenter size-full wp-image-1942\" src=\"https:\/\/i0.wp.com\/hostbigs.wwwsgls2.a2hosted.com\/blog\/wp-content\/uploads\/2015\/06\/01_newpreview.jpg?resize=590%2C300\" alt=\"\" width=\"590\" height=\"300\" \/><\/p>\n<p><strong>IMPORTANT UPDATE<\/strong><\/p>\n<p><strong>Protection against vulnerabilities in revslider.<\/strong><\/p>\n<p>Revslider (revolution slider) is a component included by default in many WordPress themes and templates. Unfortunately, many vulnerabilities have been found in it recently, and some of them are very dangerous.<\/p>\n<p><strong>2014 November 26th<\/strong><\/p>\n<p>A vulnerability which allows uploading and executing a shell on any site, without prior authentication, was discovered.<\/p>\n<p><strong>2015 March 30th<\/strong><\/p>\n<p>A vulnerability which allows downloading any file from a server, including the configuration file where the database access credentials are stored, was discovered.<\/p>\n<p>A patch for it is attached below.<\/p>\n<p><a href=\"https:\/\/www.gossdhosting.com\/blog\/wp-content\/uploads\/2015\/06\/patch-for-revolution-slider.zip\">patch-for-revolution-slider<\/a><\/p>\n<p><strong>2015 May 8th<\/strong><\/p>\n<p>A new vulnerability, which allows any file (a shell, a phishing site, a script to send spam, for example) to be uploaded to a server with WordPress and executed without the need for a user name or password, was 
found.<\/p>\n<p>\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2013<\/p>\n<p><strong>VERSION 4.1.4 OR OLDER MUST BE UPDATED IMMEDIATELY TO AVOID CRITICAL VULNERABILITY<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IMPORTANT UPDATE Protection against vulnerabilities in revslider. Revslider (revolution slider) is a component included by default in many WordPress themes and templates. Unfortunately, many vulnerabilities have been found in it recently, and some of them are very dangerous. 2014 November 26th A vulnerability which allows uploading and executing a shell on any site, without [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4519,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[63,130,131,132,46],"class_list":["post-1940","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-hack","tag-rev-slider","tag-revolution-slider","tag-vulnerability","tag-wordpress"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.gossdhosting.com\/blog\/wp-content\/uploads\/2024\/01\/social-image.jpg?fit=1200%2C630&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\
/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=1940"}],"version-history":[{"count":0,"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1940\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/media\/4519"}],"wp:attachment":[{"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=1940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=1940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gossdhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=1940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}