5 Slider Revolution Vulnerabilities

Hello,

For some time now, all versions of the Slider Revolution plugin up to and including version 7.0.14 have been affected by several security vulnerabilities.

The list of vulnerabilities is as follows:

Vulnerability found: Slider Revolution 7.0.0 - 7.0.10 - Subscriber+ Arbitrary File Upload via _get_media_url

Vulnerability found: Slider Revolution < 7.0.10 - Unauthenticated Sensitive Information Exposure via 'sliders/stream'

Vulnerability found: Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 - Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation

Vulnerability found: Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

Vulnerability found: Slider Revolution 7.0 - 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure


Links with the vulnerabilities:

[Links visible only for registered users]

[Links visible only for registered users]

[Links visible only for registered users]

[Links visible only for registered users]


That's five vulnerabilities affecting a single plugin, yet Betheme only allows updating Slider Revolution up to version 6.7.58.

Could you please make it possible to update the Slider Revolution plugin through Betheme to a version newer than 7.0.14 so that we are not exposed to these security risks?


Thank you!

Best regards.

Comments

  • Hello,

    Thank you for bringing this to our attention.

    We take security concerns very seriously. To clarify how this affects your website and what the current status is regarding the reported Slider Revolution vulnerabilities, please note the following:

    • Official Support: Betheme officially supports Slider Revolution 6. Please note that version 7 is not supported by our theme at this time.
    • Plugin Updates: The Slider Revolution development team actively maintains and pushes security updates to both version 6 and version 7 branches simultaneously.
    • Current Latest Version: The latest available version for the 6.x branch is 6.7.58, which is already available for all Betheme clients to download and update.

    Please Note: Because Slider Revolution is a bundled third-party plugin, we are entirely dependent on their development team to release the actual security patches. Until the Slider Revolution team rolls out a new update addressing these specific vulnerabilities, there is unfortunately nothing we can do on our end.

    We highly recommend ensuring that you have updated to version 6.7.58 in the meantime. As soon as the plugin authors release a new patch, we will make it available to our users immediately.

    Best regards

  • I understand. What I'm wondering is whether, at some point in the future, Betheme will become compatible with Slider Revolution version 7, especially once they stop providing security support for version 6.

    Otherwise, we could end up facing a significant problem.

  • With Slider Revolution 7, the plugin author has decided to release a version that is not compatible with sliders created in version 6 and limits the number of sliders available under the lifetime license to three. All our demos that use Slider Revolution have been built with SR6, and many of our customers use more than three sliders on their websites.

    As a result, we officially supports up to version 6 only, which is provided under the Envato Bundled license, and at the moment we do not have plans to extend the support to version 7.


    Best regards

Sign In or Register to comment.
This website uses cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This means that cookies which are categorized as necessary, are processed based on GDPR Art. 6 (1) (f). All other cookies, meaning those from the categories preferences and marketing, are processed based on GDPR Art. 6 (1) (a) GDPR.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.