We’re getting in touch to inform you about a serious vulnerability in a WordPress plugin that is commonly used:
This vulnerability allows attackers to access the servers of all sites using older versions of the Slider Revolution and Showbiz Pro (WordPress) plugins by ThemePunch. The vulnerability exists for all versions of Slider Revolution earlier than version 4.2 (released in February 2014) and all versions of Showbiz Pro (WordPress) earlier than 1.5.3 (released in January 2014).
We recommend you take the following steps to secure your sites immediately:
Step 1: Check Plugin Versions
- Log into you WordPress admin area
- Go to the plugins screen
- Locate Slider Revolution and/or Showbiz Pro plugin(s) in the list
- Check the version number(s)
- If you have a version of Revolution Slider plugin that is 4.2 or higher, or Showbiz Pro that is 1.5.3 or higher, your plugin has already been patched. No further action is required.
- If you are using an earlier version, you need to download a patched version of the plugin and install it immediately (instructions below).
Step 2: Install Patched Plugin (If Necessary)
- Make a backup of your site
- Log into WordPress and go to the Plugins page
- Run the plugin update for vulnerable versions of Revolution slider or Showbiz Pro
- Locate the updated plugins in the list and confirm the version(s) are secure
- Update your server password following password best practices