Slider Revolution is a very popular plugin for WordPress that allows users to add slides with a selection of transition effects and options to any WordPress page or post.
Currently, there is a vulnerability in older versions of this plugin that can allow malware access to your database directly through the front of your website.
If you use the Slider Revolution plugin or have purchased a theme from ThemeForest / The Envato Marketplace where this plugin could have been bundled, please read on to find out how you can update your plugin to be safe.
To see if you have this plugin, go to Plugins in your wp-admin. You will see an entry like this one if you have the plugin installed:
If your version number is lower than 4.2 (such as this 3.0.95), you are vulnerable.
If You Have a Vulnerable Version
If your plugin is outdated and shows an option to update it, please back up your site and then update the plugin.
Unfortunately a lot of themes bundled with this plugin don’t have a true license — that is, they came with the plugin but no updates for it. Many developers also used this plugin without passing on the license, so the end-user doesn’t have the means to update it. In that case, you will need to purchase the $18 plugin and upgrade it yourself.
If you have this plugin, you must update it immediately. Once word of the vulnerability gets out, there will be more attacks on all outdated versions of the plugin.
If your site is behaving funny in any way, you may have already been compromised. If you are worried, please grab a security audit to get your site checked out and locked down. The longer a site goes with an infection, the more damage will be done.
Questions? Please e-mail me or leave a comment below. I just want to make sure everyone stays safe, as this is a huge issue that can potentially impact many small business owners!