RevSlider – WordPress vulnerability
We’ve been seeing a sharp rise in WordPress hackings due to a security issue with the extremely popular RevSlider if it is allowed to become outdated: http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
One of the main issues is that the Plugin is sold to theme developers who then bundle it in. Due to this,
it may not show as needing an update in the admin panel plugins list or that any updates are available for it. If in your Plugins list, RevSlider has a version less than 4.2 it is vulnerable. If you scan the site using http://sitecheck.sucuri.net – you can go to the ‘Website Details’ tab and it will tell you if the RevSlider is vulnerable.
RevSlider Plugin outdated: Upgrade required.
Outdated RevSlider Found. Serious risk: Under 4.1.4
If the WordPress instance has RevSlider version less than 4.2, check your plugins list to see if there is an update available. Please note it may not show an update being available despite needing to be updated so read on…
If the WordPress instance has RevSlider less than 4.2, and you use a prebuilt theme, you’ll need to contact the theme developer to see if there is a theme update out (It won’t always flag this if it isn’t in the official repository). If there are no updates out or if the theme developer has not implemented a new version, you’ll need to buy the latest version direct to get the latest update and secure it – http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380. Once installed re-run your site through the Securi link above and it should report all clear.
Agencies please note: You’ll need to update each WordPress instance’s version of RevSlider. Failing to do so may result in the sites being hacked, and potentially issues such as the site being used as a spam relay/being blacklisted etc.