We’re getting in touch to inform you about a serious vulnerability in a WordPress plugin discovered last week that can affect multiple sites.
This vulnerability allows attackers to access the servers of all sites using older versions of the Slider Revolution and Showbiz Pro (WordPress) plugins by ThemePunch. The vulnerability exists for all versions of Slider Revolution earlier than version 4.2 (released in February 2014) and all versions of Showbiz Pro (WordPress) earlier than 1.5.3 (released in January 2014).
We recommend you take the following steps to secure your sites immediately:
Step 1: Check Plugin Versions
- Log into the WordPress admin area
- Go to the plugins screen
- Locate Slider Revolution and/or Showbiz Pro plugin(s) in the list
- Check the version number(s)
- If you have a version of Revolution Slider plugin that is 4.2 or higher, or Showbiz Pro that is 1.5.3 or higher, your plugin has already been patched. No further action is required.
- If you are using an earlier version, you need to download a patched version of the plugin and install it immediately.
If you purchased the plugin in codecanyon.net, access your account and update the plugin. If you purchased a theme, contact with the theme developer and inform about the issue.