Slider Revolution Plugin Vulnerability

Sometimes, when you’re cruising along nicely in life, something bad has to happen – like a low-down, good-for-nothing hacker who discovered a critical vulnerability in the Slider Revolution plugin and used it to wipe out my entire blog :-(

Yeah, it was bad. The entire WordPress blog got wiped out. I guess that hacker had a bad day and decided to take out his frustration on my blog. This vulnerability in the plugin allows an attacker to download the WordPress configuration file – “wp-config.php” – and view the database connection parameters (username, password and database server name).

The latest version of this popular plugin is 4.6.0 (released on 25th August 2014). Versions 4.1.4 and earlier are vulnerable. If you’ve purchased this plugin from the Envato marketplace, please contact the vendor and get an update immediately.

It seems that the developers of this plugin, “ThemePunch”, released version 4.2 with a changelog entry saying that it addressed a ‘security’ issue, but did not disclose how severe that issue was. As a result, many other theme authors who made use of the slider code/plugin did not pay much attention to it, and many did not update their code base.

Sadly, it was the low-life worms in the underground (i.e. crackers and hackers) who took this information about the vulnerability seriously and began to circulate it on various underground forums. This went on for several months, and on 1st September someone posted a proof-of-concept of the exploit on a public forum. That’s when all hell broke loose and many script kiddies took advantage of the exposed vulnerability.

Note: Even if you don’t have this plugin installed, but you’re using a paid/commercial theme, you may want to check with the theme author and ask them whether the theme bundles an earlier version of this popular plugin. There are many commercial themes that use the Slider Revolution plugin/code.

In fact, most of the WordPress sites that got hit were hit because of the vulnerable slider code bundled in their theme files. Even though the developer of this plugin has updated the code and fixed the security hole, many WordPress sites out there are still vulnerable, because it all depends on how the theme developers handle the plugin updates.

How to Check If Your WordPress site is vulnerable:

Type this URL into your browser:

http://YOURSITE.COM/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

*Note: replace “YOURSITE.COM” with your own domain/URL.

If you can view the contents of your wp-config file – then you’re vulnerable. Switch themes immediately and contact your theme vendor. If you see a “0” – then you’re safe.
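The browser check above tells you whether the hole is open today; it does not tell you whether someone already used it. As an added example (editor’s code, not part of the original post), the script below scans web-server access logs for the same admin-ajax.php request pattern and flags any request whose “img” parameter tries to walk out of the plugin’s image directory. The log lines are constructed for the demo, and the Apache/nginx “combined” log format is an assumption about your server setup.

```python
"""Flag access-log lines that match the RevSlider wp-config.php read.

Added example, not code from the original post or from the plugin.
Assumes the server writes the standard "combined" access-log format.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in "combined" log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2014:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 2310 "-" "curl/7.30.0"
198.51.100.4 - - [01/Sep/2014:10:02:13 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%252F..%252Fwp-config.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Sep/2014:10:03:40 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slide1.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Sep/2014:10:04:02 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
"""

# Combined-log parser: client IP, timestamp, request target, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

ACTION = "revslider_show_image"  # the admin-ajax action named in the post


def is_traversal(img: str) -> bool:
    """True if the img value, after up to two rounds of URL-decoding,
    contains '..' or is an absolute path, i.e. tries to leave the
    directory the plugin is supposed to serve images from."""
    decoded = unquote(unquote(img))  # catches single and double encoding
    return ".." in decoded or decoded.startswith("/")


def classify(line: str):
    """Return a finding dict for a RevSlider traversal request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    if not target.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    qs = parse_qs(target.query)  # decodes one level of %-encoding
    if ACTION not in qs.get("action", []):
        return None
    suspicious = [v for v in qs.get("img", []) if is_traversal(v)]
    if not suspicious:
        return None
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "img": unquote(unquote(suspicious[0])),
        "status": int(m.group("status")),
        # A 200 means the server answered; whether the file contents were
        # really returned cannot be confirmed from the access log alone.
        "answered": m.group("status") == "200",
    }


def scan(log_text: str):
    """Run classify() over every line and return the list of findings."""
    findings = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} img={f['img']} status={f['status']}")
```

Feed it your real access log (for example `scan(open("/var/log/apache2/access.log").read())`) and treat any hit with a 200 status as a sign that wp-config.php, and with it the database credentials, may already be in someone else’s hands: rotate the database password and the WordPress salts, not just the theme.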