I hope you are aware of this. Any news on an update?
Thanks a lot for your feedback! The article is new; however, the problem is still the old vulnerability issue we had back in February. We fixed the problem in February, and it has been discussed at Sucuri and other security blogs multiple times in September.
We advised updating to version 4.2 or newer ASAP at that time, and still do.
In case you use version 4.2 or newer, you don’t need to worry.
However, if you are only updating the slider now, we would recommend a full scan of the site, since you may already be compromised.
Thank you, and please let us know if there is anything else we can do for you.
Cheers from your Team @ ThemePunch
We are aware that the recent articles in the media are causing a lot of mass confusion.
If you purchased the plugin directly, you can easily update it automatically. For all buyers who got the plugin bundled with a theme that contained a vulnerable version of our plugin, there is a “free update” button on our item page.
Every theme author should have updated their theme download versions by now so there are no themes on the marketplace currently being sold that contain a vulnerable slider revolution version.
Along with keeping your WordPress plugins up to date at all times, you should also install a firewall plugin and scan your websites for potential malware.
Even if you updated a vulnerable plugin after say, a month, a hacker might already have planted a backdoor that can cause your site to be “hacked” afterwards.
Again, only doing a full site scan and installing a security/firewall plugin will ensure that your installation is safe, in addition to always keeping your plugins up to date.
As a sidenote:
There recently was a critical vulnerability fixed in WordPress 4.0.1 which allowed a similar intrusion to the server.
Incidents like this should emphasize the importance of constantly keeping your plugins up to date!
Hope that clears things up a bit.
Best Regards, ThemePunch
With all the attacks on this plugin I think it’s probably worth releasing at least a base version for free to the public. This is becoming a nightmare. I’ve had several sites get hacked and taken down because of this plugin.
Got it. I have 3 different hosts I work with sending out emails saying that even the more recent version has issues. They are threatening to disable the plugin entirely on my sites if I don’t update to 4.6.5. If the older versions from 4.2 up are fixed, why are the hosts still threatening to disable versions 4.2-4.6?
Because the chaos is big due to blogs which are not researched well. Unfortunately we can only advise updating to version 4.6.5 then, before your hoster blocks you. You can redownload the files here at cc for free, or use the Auto Update function in the backend for this.
Let us know if there is anything else we can do for you.
Thanks a lot,
I’m going through and updating them now. I’ve just got clients (who have the host in their name) worrying and emailing me about the issue and wanting to just cut the plugin completely because these hosts keep sending them warnings. And the sites that got hacked (with <4.1) had some major issues with code being injected on every site in their accounts (one had over 20 sites within a dreamhost account affected). I believe the issue is fixed, but convincing clients who are getting constant emails from their hosts or who have been hacked is another story.
I see! We are really sorry to hear that again and hope that things turn out well for you and your customers.
Please let us know if there is anything else we can do for you!
Hi, I’m getting Ajax error!!!error whenever I try to create a slide. Any idea how I can fix that? (I already disabled all the plugins, didn’t work)
Try switching to the TwentyFourteen as well to see if there’s maybe a conflict with your theme, and then if not, try increasing the memory in your “wp-config.php” file:
Hi, it didn’t work, I also increased the memory size :/
Please send us your credentials via our ticket system or by mail and we will take a look for you!
Perfect! What is your email?
Hi, you can drop us an email through the contact box on our profile page, or you can directly click on Support to open a ticket at the bottom of this comment. Cheers from your Team @ ThemePunch
Facebook Twitter Support
Ok, can you please have a look at ticket #337327? I have a deadline today with the web. Thanx
Hi, already answered! Cheers from your Team @ ThemePunch
Hi, We purchased the Norma Theme for our site. Our host (bluehost) flagged our account for the revslider vulnerability and advises us to update to 4.6.5 or we will get blacklisted. Tried to update the plugin, via WP admin, and says it’s current at 4.6. Do we contact the theme author? I’ve read posts here to go to your Envato Marketplace page and no link to “free update” exists. Just what is the direct link to your item page? (Yes, I am logged in) Please advise, thanks.
?The vulnerability is in version 4.1.4 or earlier. It was patched back in February of this year. If you’re using a more recent version, technically you shouldn’t need to update. But some hosting providers are misinformed, and are requiring that the plugin be updated even when the current version (version 4.2 or higher) is actually secure.
But open a ticket over at our support forum, and we’ll provide you with a copy of the latest version, as well as some instructions for how to update.
Cheers from your Team @ ThemePunch
P.S. Please disregard the ? character at the beginning of my last message. It’s just a typo.
I have purchased blaszok theme and I have got your plugin included in that theme.
But unfortunately today I got a mail from blue host:
Slider Revolution Premium Plugin has released a new version 4.6.5 for their plugin. A recent hack has been found in older versions of this plugin that allows an attacker to download any file from your hosting account, such as the configuration file containing the database passwords. Once the attacker has this information the attacker can compromise your website via the database.
This vulnerability is being exploited currently which is causing numerous domains to become blacklisted by Google. For additional details please refer to this link http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html
Your account was found to have the Slider Revolution Premium Plugin. Due to the vulnerability this creates to your website and our servers we strongly recommend that you upgrade this plugin to the most recent version 4.6.5. We also strongly recommend that you update all of your plugins and themes as the Slider Revolution Plugin is included in a number of other themes and plugins. It is strongly recommended you update your WordPress installation(s) to the most current version at this time as well.
I have checked my plugins area on my website and it is showing that the current version of Slider Revolution is 4.6.5
So is there anything that I need to worry about?
Is there any chance that Google will get my website blacklisted?
Same problem as Lapeaco.
You need to fix the “free download” for people who purchased slider revolution bundled with an Envato theme today.
Yes I believe the “free download” button needs to be updated. We’ll contact Envato for that.
In the meantime, open a ticket over at our support forum, and we’ll provide you with a copy of the latest version, as well as some instructions for how to update.
Update Request: Google (Matt Cutts) has been pushing for sites to switch to 100% SSL, and it has a small positive effect on SEO. A lot of sites are making the move. Can you please update your plugin to support SSL globally? Specifically in my case, I need the Youtube video functionality to pull videos via https instead of http. Otherwise they generate browser warnings and don’t display on the page. Youtube serves all of their videos via https anyway, so it would be more correct for you to update the code regardless to pull via https.
Please update your version to a newer one (best to 4.6.5), since in the latest versions we 100% support YouTube, Vimeo and HTML5 videos with both http and https.
Great, thank you. I see why. For some reason the old plugin wasn’t getting highlighted on my WP plugins page when new versions came out.
Strange indeed! Happy we could help anyway.
We received an alert from Blue Host to upgrade Revolution Slider to 4.6.5.
Just want to check how we can update it. Currently we use the theme that came with Revolution Slider v 4.6.0. But we don’t see any option to update it to 4.6.5 in the plugin list.
Open a ticket over at our support forum, and we’ll provide you with a copy of the latest version, as well as some instructions for how to update.
How would I go about changing the thumbnails to display in a vertical direction rather than just horizontal?
Thanks for the request. This is not yet possible out of the box, only with some customization and custom jQuery code. We have the request on our list, and it will of course also come in the next updates!
With regards to this soaksoak hack, I got hit by it and the versions of the slider and carousel were well above the version stated that were at risk??
Are you sure the problem is sorted in the new versions?
Yes, we are sure that the reported issue has been solved since February 2014. The problem is that you may have been infected before the update, and there are some existing backdoors which are still active after the update. Also, not only our old plugins had a vulnerability. It also happened to other plugin developers, and even version 4.0.0 of WordPress has a vulnerability! So we advise making a full site scan, asking your provider for this, and installing security plugins like Wordfence to block backdoor activities.
Thanks a lot for your understanding, and if you have any further questions, please do not hesitate to contact us again!
Thanks, helpful vid for this dumbass attack. https://www.youtube.com/watch?v=_IMIMb8Z43k I actually restored a site from 2013 and imported the new DB, then immediately updated anything. Anyone know if this hack resides in databases?
We have not received any information yet that the attack resides in DBs. As far as we know to date, it does not.
Thanks for sharing the video. It has only one small mistake: it says “wait for a fix from the developer team”; however, this issue was already fixed back in February 2014. So you can clean up the site, update the plugins to the latest available version (or at least to 4.2), and that should do it!
Thanks a lot again for all your support and feedback,
Hi, is there a way I can only show just one random slide? I tried Shuffle Mode on, Stop Slider on, Stop After Loops 0, Stop At Slide 1, but it always shows the first slide, it doesn’t show a random slide. I am using version 4.65 and latest version of Wordpress. Any suggestion would be greatly appreciated. Best regards, David
If you allow it to loop, does it play in shuffle for you? Did you maybe set an “Alternative first slide” active? If yes, please remove that setting.
Hi, thanks for replying. I just set the Alternate First Slide to 0, it was 1. I just noticed that it shows all the slides and stops at the first slide (makes 1 loop) even if Stop After Loops is set to 0. I didn’t notice before because the cursor was on top of the image and it was paused. Is there a way to only show 1 random slide and stop? The website is here: http://seagrantpr.org/v2/
Actually, if you turn off the Alternative First Slide and change back to stop at first slide, then it should already work well. Please try to make that change also!
Ok, changed it back to 1 but it keeps showing all the slides and then showing the first slide it showed and then stopping.
Please submit a ticket with your WP credentials, and send us a link which is working there also (since the link above does not load) and if possible also FTP access to the plugin, so we can analyze and fix this for you ASAP!
So I’m getting alarming messages from my hosting company about previous versions of this slider being vulnerable to hacking.
I bought a WP theme that comes packaged with your slider. I have contacted the theme’s author but have not received a response.
However, in theory if I buy this plug-in from here and activate within the theme will that update the version I already have?
Currently on 4.1.4 which I have done my best to update what I can so far but keen to get this matter resolved.
Thank you in advance
Yes, 4.1.4 is exploitable, and you should update ASAP! This issue has been fixed since February, and we mailed and informed all our users and theme authors in September.
Please mail me ASAP (Mail us here) and we will send you an update to the latest version.
I’ve been made aware of the need to update rev slider for a number of sites we use it on. However each site, after updating all plugins within our WordPress installations, does not say the rev slider is the current version (4.6.5). They are all different versions, with no option to update any further. Why is this?
In case your old versions had no “Auto Update” function included, you may not see the current version available. It is best to update via FTP or manually via the slider backend.
The latest version is 4.6.5; however, if you have newer than 4.2, then you are safe. But if you come from older than 4.2, please make sure that you make a full site scan and use a firewall on your WP installation, since you may already have backdoors existing on your server.
Ok, thank you for that information. I can’t find where I can download the latest version on this site?
You can find a “Free update” button on the top right corner of the plugin description page. If you cannot find that one please contact http://themepunch.ticksy.com for a copy.
I have several websites which use revslider 3.1.2 that came bundled with third-party themes. How do I update the plugin?
That is ancient! Please check if you can see a “Download free update” button on the top right corner of the item page here. If not please write to http://themepunch.ticksy.com to receive a copy.
I have combed your website, and the options available inside of themeforest, looking for what your comments across the internet describe as a free update on your product’s page. I can’t find the actual download anyplace.
I’ve now emailed you requesting that update. I expect it will probably take several hours for that response to come through.
Not a great way to handle this crisis, themepunch.
Yes, just answered your mail. Sorry to read that the theme author did not update the theme with a secure RevSlider since February!
I had to commute home unfortunately which took me 1,5 hours. So yes you had to wait this amount of time till I could answer from my living room again to make your theme authors work. Sorry for that delay!
The free update button is available on the top right corner for all theme clients. If they missed a theme please contact email@example.com
Themepunch, thanks for sending the updated version over to me.
The free update button is not on display because we did not purchase your plugin directly through codecanyon. It came bundled with a theme.
I imagine most authors writing you are looking for the update because it was bundled. That update button won’t display because the plugin itself was not a direct purchase. It was purchased indirectly.
Thank you for the clarification! I really appreciate it!
Hi, I have one problem. Please help me: Revolution Slider video is not working in Chrome.
Can you please send me a link, so we can debug it and tell you what is wrong?
I’m doing work for a client who currently has revslider. Is there any way to make the left/ right buttons bleed from the other images in the slider like this website’s slider:
I don’t really see what you mean. Can you please give me a bit more detail?
On the jonathanadler slider to the left or right of the main slider image there is a piece of the previous or next up image. So when you click on the right arrow that next image slides into view.
Here’s another example:
Same concept with being able to see the next/ previous images which then slide into view as you click right/ left. My client already has revslider all set up so I’d like to stick with this plugin if possible.
I see! Thanks a lot for your feedback. Unfortunately this is not yet possible with our slider, since we have a large number of different transitions which would not support this. We need extra handling for it, which we will also bring in the upcoming updates!
Can you please give me a bit more information? I am not sure what you mean!
Hi, I bought a ThemeForest theme (ADAMAS) that includes the licence of the Revolution Slider, version 3.0.5. I have the Item Purchase Code. Please let me know how I can update for free!!
There should be a “Free download” button at the top right corner of our plugin’s item description page. If that button is missing for you please contact http://themepunch.ticksy.com for a free copy.
Thanks and Cheers from your Team @ ThemePunch
Hi, I need the update of the plugin Revolution Slider. My site http://www.colombiabirdfair.org/home/ has been hacked through your plugin. Is there a new corrected version? I’m very worried, because my site stores very delicate information of my customers.
I expect a prompt response with download link. My ticket id is 121744
The update has been available since February 2014. We also made a free update available via our product page. The currently “discussed” vulnerability is the same one we fixed back at the start of this year.
I am really sorry to hear that you have been hacked, and can only advise making a full scan of the site, and making sure that you always have the latest updates of your plugins and your WordPress installed.
Please send us a mail (Mail us here) and we will send you an update.