edit-icon download-icon

[Vulnerability notice] Arbitrary file download vulnerability in the Wordpress Slider Revolution plug-in

Last Updated: Nov 27, 2017

Description

Slider Revolution is a WordPress plug-in. The plug-in has a severe security vulnerability that may allow hackers to remotely download files from the server.

Attackers may construct malicious requests to download sensitive files from the server, and further embed website webshell files to control the website server host.

Affected versions

Slider Revolution <= 4.1.4

Fix

Go to the Wordpress management backend, and update Slider Revolution to the latest version.

Thank you! We've received your feedback.