CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Application Security

Vulnerability in Premium WordPress Plugin Exploited in the Wild

A popular WordPress plugin that enables users to easily create responsive sliders is plagued by a security hole that has been actively exploited by cybercriminals, Sucuri reported on Wednesday.

A popular WordPress plugin that enables users to easily create responsive sliders is plagued by a security hole that has been actively exploited by cybercriminals, Sucuri reported on Wednesday.

Slider Revolution is a premium WordPress plugin created by ThemePunch that has been sold over 34,000 times on the snippets and scripts marketplace CodeCanyon. The plugin is also wrapped into several theme packages for WordPress.

A vulnerability was found in version 4.1.4 and older of the plugin, but the flaw was patched by the developer back in February with the release of Slider Revolution 4.2. The company listed a “security fix” in the changelog at the time, but it didn’t provide any details because security firms allegedly advised it not to.

An exploit has been published on hacker forums and is being actively used to compromise websites. On Wednesday alone, Sucuri identified 64 IP addresses attempting to trigger the vulnerability on over 1,000 websites. Data from the security firm shows that the attacks started on August 9 and peaked on August 19 with over 2,500 hits.

According to Sucuri, the zero-day was disclosed via underground forums, so the developer should have actively alerted its customers of the threat, instead of taking the silent patch approach.

The vulnerability can be leveraged to download any file from affected servers, including ones containing sensitive information such as database credentials. With the credentials in hand, an attacker can compromise the targeted website through its database, Sucuri founder and CTO Daniel Cid said in a blog post.

“This type of vulnerability is known as a Local File Inclusion (LFI) attack. The attacker is able to access, review, download a local file on the server. This, in case you’re wondering is a very serious vulnerability that should have been addressed immediately,” Cid explained.

Websites directly using vulnerable versions of Slider Revolution are at risk, but their administrators can easily update their installations via the plugin’s autoupdate feature. The bigger problem is that vulnerable versions of the plugin are bundled with several third-party themes. Users of these themes might not even be aware that Slider Revolution is installed on their website. Furthermore, updates for the themes don’t necessarily contain updates for the included plugins, making the situation confusing for users, Sucuri warns.

Advertisement. Scroll to continue reading.

ThemePunch has published an alert on CodeCanyon advising users of version 4.1.4 and older to update their installations immediately. They have also provided some advice for the users of themes that include Slider Revolution.

“We are sorry for you guys out there whose slider came bundled with a theme and the theme author did not update the slider. Since you cannot use the included autoupdate function please contact your theme author and inform him about his failure!,” the developers said.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.