Posted on 2014-09-09 21:28:29
A serious security vulnerability has been discovered in two widely used WordPress plugins, Slider Revolution and Showbiz Pro. Because these plugins are distributed through many popular WordPress themes from ThemeForest and sold directly on CodeCanyon, a large number of websites can be expected to be at risk.
What it Does
According to the security blog Sucuri, the vulnerability allows remote hackers to gain access to the servers of any site using outdated versions of these plugins. This includes versions of Slider Revolution earlier than 4.2 (released February 2014) and versions of Showbiz Pro earlier than 1.5.3 (released January 2014). In other words, as long as your plugins are updated to at least these versions, your website will be safe.
How Do I Know if I’m at Risk?
If You Purchased a Theme from ThemeForest
In response to the vulnerability, Envato contacted each theme’s authors and created a list of potentially affected themes. Check here to see if any of the themes you use are at risk. For users’ convenience, Envato organized the list in two sub-categories: (1) Themes yet to offer a secure update and (2) Themes already offering a secure update.
Check your WordPress Admin
You can also check your plugin version directly by following these steps:
1. Log in to your WordPress Admin site
2. Click on the Plugins link in the sidebar
3. Find the Showbiz Pro and Slider Revolution plugins in the list
4. The version number will appear on the second line of the Description column (as seen below)
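The same version check can be scripted for a server with many sites. The following is an added example, not code from Sucuri, Envato or the plugin authors: it reads the standard WordPress plugin header comment and compares the version against the fixed releases named above. The name keywords used to recognise each plugin and the sample header are assumptions made for illustration.

```python
import re
from pathlib import Path

# First fixed releases as stated in the article. The name keywords are an
# assumption about what each plugin puts in its "Plugin Name:" header.
FIXED = {
    "Slider Revolution": (("slider", "revolution"), (4, 2)),
    "Showbiz Pro": (("showbiz",), (1, 5, 3)),
}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

# Constructed sample header, not copied from a real plugin file.
SAMPLE = "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: 4.1.4\n*/\n"

def parse_version(text):
    """'4.1.4' -> (4, 1, 4); empty tuple when no numeric version is found."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()

def is_older(found, fixed):
    """Zero-pad before comparing so 4.2 == 4.2.0 and 4.1.4 < 4.2."""
    width = max(len(found), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(fixed)

def check_plugin_header(php_source):
    """Return (plugin, version, at_risk) for a tracked plugin, else None."""
    # WordPress reads plugin headers from the first 8 KB of the file.
    fields = {k.lower(): v.strip() for k, v in HEADER.findall(php_source[:8192])}
    name = fields.get("plugin name", "").lower()
    for plugin, (keywords, fixed) in FIXED.items():
        if all(word in name for word in keywords):
            version = parse_version(fields.get("version", ""))
            # A missing or unreadable version is flagged for manual review.
            return plugin, version, (not version) or is_older(version, fixed)
    return None

def scan_plugins_dir(plugins_dir):
    """Check the top-level PHP files of every folder under wp-content/plugins."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hit = check_plugin_header(php.read_text(encoding="utf-8", errors="replace"))
        if hit:
            results.append((str(php), *hit))
    return results

if __name__ == "__main__":
    print(check_plugin_header(SAMPLE))
```

Point scan_plugins_dir at a site's wp-content/plugins folder; every result whose last field is True is below the fixed release and needs updating.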
This vulnerability is a very serious concern. It has the potential to wreak havoc on company websites and allow hackers to download virtually any information they want.
For our clients, we have begun manually updating their WordPress Plugins to ensure quality control. However, if your company is in need of protection, don’t hesitate to reach out to Feynman Group and let our expert web developers give you the security you deserve.
For additional information, hop on over here for step-by-step guides to manually update your WordPress Plugins.