Published on Monday, 30 March 2015 19:56
[ Background ]
A vulnerable WordPress plugin (RevSlider) may be used to compromise websites to embed iframes and exploit kits, and websites may also be defaced.
[ Affected Software ]
- WordPress RevSlider Plugin Version 4.6.5 and below
[ Recommendations ]
For website owners
- Upgrade the RevSlider plugin as soon as possible.
- Remove all administrator accounts and create a brand new administrator account and password for the new administrator account.
- Check for modified files and replace them with a clean copy from the official WordPress website.
- Keep WordPress and all its plugins up-to-date. For plugins that are no longer being developed or supported, it will be advisable to find alternatives to replace them. If alternatives are not available, the plugin should be removed.
- Keep your anti-malware solution up-to-date.
- Backup your files regularly.
[ References ]