[SingCERT] WordPress RevSlider Plugin Vulnerability

Published on Monday, 30 March 2015 19:56

[ Background ]

A vulnerable WordPress plugin (RevSlider) may be exploited to compromise websites and embed iframes that lead visitors to exploit kits; compromised websites may also be defaced.


[ Affected Software ]

  • WordPress RevSlider Plugin Version 4.6.5 and below


[ Recommendations ]

For website owners

  • Upgrade the RevSlider plugin as soon as possible.
  • Remove all existing administrator accounts, then create a brand new administrator account with a new password.
  • Check for modified files and replace them with a clean copy from the official WordPress website.
  • Keep WordPress and all its plugins up-to-date. For plugins that are no longer being developed or supported, it is advisable to find alternatives to replace them. If no alternative is available, the plugin should be removed.
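The version check and modified-file check behind the first and third recommendations above, as an added example that is not part of the SingCERT advisory or the plugin's own code: the plugin header, file contents and clean-copy manifest are constructed samples, and only the 4.6.5 ceiling comes from the advisory.

```python
import hashlib
import re
from pathlib import Path

# Advisory: "WordPress RevSlider Plugin Version 4.6.5 and below" is affected.
AFFECTED_MAX = (4, 6, 5)

# Constructed sample header in the style of a WordPress plugin's main PHP file.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Slider Revolution
Version: 4.6.0
*/
"""

def parse_version(header_text):
    """Return the plugin header's 'Version:' field as a tuple of ints, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    if m is None:
        return None
    return tuple(int(part) for part in m.group(1).strip(".").split("."))

def is_affected(version):
    """True when version is at or below the affected ceiling (4.6 counts as 4.6.0)."""
    padded = tuple(version) + (0,) * (len(AFFECTED_MAX) - len(version))
    return padded <= AFFECTED_MAX

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def scan_files(files, manifest):
    """Compare {relative_path: bytes} with a clean-copy manifest {relative_path: sha256hex}.
    Reports hash mismatches (edited files) and files the clean copy does not contain."""
    findings = []
    for rel, data in sorted(files.items()):
        expected = manifest.get(rel)
        if expected is None:
            findings.append((rel, "not in manifest"))
        elif expected != sha256_hex(data):
            findings.append((rel, "hash mismatch"))
    return findings

def modified_files(plugin_dir, manifest):
    """Disk wrapper: hash every file under plugin_dir and compare it with the manifest."""
    root = Path(plugin_dir)
    files = {p.relative_to(root).as_posix(): p.read_bytes() for p in root.rglob("*") if p.is_file()}
    return scan_files(files, manifest)
```

Build the manifest by running sha256_hex over a clean copy of the plugin obtained from the official source, then run modified_files against the live install; any finding is a file to replace.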

For end-users

  • Keep your anti-malware solution up-to-date.
  • Backup your files regularly.


[ References ]

http://blog.0x3a.com/post/114659871819/thousands-of-compromised-wordpress-websites
http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an
https://wordpress.org/plugins/patch-for-revolution-slider/