Hackers exploit critical vulnerability in popular WordPress theme component WordPress admins should check if their sites use the Slider Revolution plug-in and update it immediately, researchers said By Lucian Constantin | 04 September 14.

Attackers are actively exploiting a critical vulnerability in a WordPress plug-in that’s used by a large number of themes, researchers from two security companies warned Wednesday.

The vulnerability affects versions 4.1.4 and older of Slider Revolution, a commercial WordPress plug-in for creating mobile-friendly content display sliders. The flaw was fixed in Slider Revolution 4.2 released in February, but some themes — collections of files or templates that determine the overall look of a site — still bundle insecure versions of the plug-in.

The vulnerability can be exploited to execute a local file inclusion (LFI) attack that gives hackers access to a WordPress site’s wp-config.php file, researchers from Web security firm Sucuri said in a blog post. This sensitive file contains database access credentials that can be used to compromise the whole site, the researchers said.

The post Critical Vulnerability in popular WordPress themes appeared first on .