Vulnerability on Slider Revolution and Showbiz Pro

  • Resolved
    Posted in: Boldial WP  

  • Member
    September 18, 2014 at 1:17 pm #4696

    Hey guys, I’ve just received this email from Envato, and I would like to have your words about this:

    We’re getting in touch to inform you about a serious vulnerability in a WordPress plugin that was included with a theme(s) you purchased from ThemeForest. You’ve purchased:

    Boldial WP – Flat Creative Theme with 3D Portfolio

    This vulnerability allows attackers to access the servers of all sites using older versions of the Slider Revolution and Showbiz Pro (WordPress) plugins by ThemePunch. The vulnerability exists for all versions of Slider Revolution earlier than version 4.2 (released in February 2014) and all versions of Showbiz Pro (WordPress) earlier than 1.5.3 (released in January 2014).

    We recommend you take the following steps to secure your sites immediately:

    Step 1: Check Plugin Versions

    1. Log into the WordPress admin area
    2. Go to the plugins screen
    3. Locate Slider Revolution and/or Showbiz Pro plugin(s) in the list
    4. Check the version number(s)

    If you have a version of Revolution Slider plugin that is 4.2 or higher, or Showbiz Pro that is 1.5.3 or higher, your plugin has already been patched. No further action is required.
    If you are using an earlier version, you need to download a patched version of the plugin and install it immediately (instructions below).

    Step 2: Install Patched Plugin (If Necessary)

    1. Make a backup of your site
    2. Download the theme again from the downloads page (to get a secure version)
    3. Locate the downloaded zip file on your computer and unzip it
    4. Locate the revslider and/or showbiz folders. If you are not able to locate the folders, please contact the theme author.
    5. Connect to your server using an FTP client and go to the wp-content/plugins/ folder
    6. Upload the revslider and/or showbiz folders to the wp-content/plugins/ folder, overwriting the existing files
    7. Log into WordPress and go to the Plugins page
    8. Locate the updated plugins in the list and confirm the version(s) are secure
    9. Update your server password following password best practices

    If you used this theme(s) in projects for clients, please help them to secure their sites as well.

    We take security seriously at Envato and would like to apologize to everyone affected. More information about the situation and how we are handling it is available in our official announcement.

    Thank you for your cooperation and support.
    The Envato Team
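
The version check from Step 1 of the email above, done from the file system instead of the admin screen, as an added example that is not part of the original post or Envato's email. It assumes the plugins carry the standard WordPress plugin header comment (`Plugin Name:` / `Version:`) in a top-level PHP file of the `revslider` and `showbiz` folders; the function names and the sample tree in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Minimum patched versions, as stated in the email above.
PATCHED = {"revslider": (4, 2), "showbiz": (1, 5, 3)}
# "Version:" line of a WordPress plugin header comment.
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    return tuple(int(p) for p in text.split(".") if p)

def is_patched(version, minimum):
    # Pad with zeros so that 4.2 and 4.2.0 compare as equal.
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)

def installed_version(plugin_dir):
    # Only top-level PHP files that declare a plugin header are considered.
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]
        match = HEADER.search(head)
        if "Plugin Name:" in head and match:
            return parse_version(match.group(1))
    return None

def audit(plugins_root):
    """Map each plugin folder to a status for one wp-content/plugins directory."""
    results = {}
    for folder, minimum in PATCHED.items():
        plugin_dir = Path(plugins_root) / folder
        if not plugin_dir.is_dir():
            results[folder] = "not installed"
            continue
        version = installed_version(plugin_dir)
        if version is None:
            results[folder] = "version unknown"  # check by hand in wp-admin
        else:
            results[folder] = "patched" if is_patched(version, minimum) else "vulnerable"
    return results

def demo():
    # Constructed sample tree: one outdated plugin, one at the patched version.
    with tempfile.TemporaryDirectory() as root:
        for folder, ver in (("revslider", "4.1.4"), ("showbiz", "1.5.3")):
            plugin_dir = Path(root) / folder
            plugin_dir.mkdir()
            header = f"<?php\n/*\nPlugin Name: {folder}\nVersion: {ver}\n*/\n"
            (plugin_dir / f"{folder}.php").write_text(header)
        return audit(root)
```

Call `audit()` with the path to a site's `wp-content/plugins/` folder; a "version unknown" result means the header could not be read and the version should be confirmed on the Plugins page.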
