Code

Discussion on Slider Revolution Responsive WordPress Plugin

themepunch

themepunch supports this item

Supported

21791 comments found.

Hi,

thanks a lot for your feedback ! The Article is new however the problem is still the old Vulnerability issue we had back in February. We fixed the problem in February, and it has been discusses at Sucuri and other security blogs multiple times in September.

We advised to update to version 4.2 or newer asap that time, and still do.

In case you use version 4.2 or newer, you dont need to worry.

However if you update the slider first now, we would recommend a full scan on the site, since you may be already compromised.

Thank you and please let us know if there is anything else we can do for you?

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

IMPORTANT INFORMATION

Hi,

we are aware that the recent articles in the media are causing a lot of mass confusion.

Please note that the vulnerabilty in slider revolution (versions < 4.2) has been fixed in february 2014 and there was widespread coverage on the issue on envato and in every major wordpress blog: http://marketblog.envato.com/news/plugin-vulnerability/

If you purchased the plugin directly, you can easily update it automatically. For all buyers who got the plugin bundled with a theme that contained a vulnerable version of our plugin, there is a “free update” button on our item page.

Every theme author should have updated their theme download versions by now so there are no themes on the marketplace currently being sold that contain a vulnerable slider revolution version.

Along with keeping your wordpress plugins up to date at all times, you should also install a firewall plugin and scan your websites for potential malware.

Even if you updated a vulnerable plugin after say, a month, a hacker might already have planted a backdoor that can cause your site being “hacked” afterwards. Again, only doing a full site scan and installing a security/firewall plugin will ensure that your installation is safe, in addition to always keeping your plugins up to date.

As a sidenote: There recently was a critical vulnerabilty fixed in wordpress 4.0.1 which allowed a similar intrusion to the server. Incidents like this should emphasize the importance of contantly keeping your plugins up to date!

Hope that clears things up a bit.

Best Regards, ThemePunch

With all the attacks on this plugin I think it’s probably worth releasing at least a base version for free to the public. This is becoming a nightmare. I’ve had several sites get hacked and taken down because of this plugin.

Hi,

because the Chaos is big due Blogs which are not research well. Unfortunately we only can advise to updat then to version 4.6.5 before your hoster blocks you. You can redownload the files here at cc for free, or use the Auto Update function in the backend for this.

Let us know if there is anything else we can do for you?

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

I’m going through and updating them now. I’ve just got clients (who have the host in their name) worrying and emailing me about the issue and wanting to just cut the plugin completely because these hosts keep sending them warnings. And the sites that got hacked (with <4.1) had some major issues with code being injected on every site in their accounts (one had over 20 sites within a dreamhost account affected). I believe the issue is fixed, but convincing clients who are getting constant emails from their hosts or who have been hacked is another story.

I see ! We really sorry to hear again and hope that thing turns to good at you and at your customers.

Please let us know if there is anything else we can do for you !

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hi, im getting Ajax error!!!error whenever I try to create slide. Any idea how I can fix that? ( I already disabled all the plugins, didnt work)

Thanx

Hi,

you can drop us an email through the contact box on our profile page, or you can directly click on Support to open a ticket at the bottom of this comment.

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Ok,can you have a please look on the ticket #337327 ? I have deadline today with the web. Thanx

Hi,

already answered! :)

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hi, We purchased the Norma Theme for our site. Our host (bluehost) flagged our account for the revslider vulnerability and advises us to update to 4.6.5 or we will get blacklisted. Tried to update the plugin, via WP admin, and says it’s current at 4.6. Do we contact the theme author? I’ve read posts here to go to your Envato Marketplace page and no link to “fee update” exists. Just what is the direct link to your item page? (Yes, I am logged in) Please advise, thanks.

Hi lapeaco,

?The vulnerability is in version 4.1.4 or earlier. It was patched back in February of this year. If you’re using a more recent version, technically you shouldn’t need to update. But some hosting providers are misinformed, and are requiring that the plugin be updated even when the current version (version 4.2 or higher) is actually secure.

But open a ticket over at our support forum, and we’ll provide you with a copy of the latest version, as well as some instructions for how to update.

Cheers from your Team @ ThemePunch

Facebook Twitter Support

P.S. Please disregard the ? character at the beginning of my last message. It’s just a typo.

Hello,

I have purchased blaszok theme and I have got your plugin included in that theme.

But unfortunately today I got a mail from blue host :

Slider Revolution Premium Plugin has released a new verison 4.6.5 for their plugin. A recent hack has been found in older versions of this plugin that allows an attacker to download any file from your hosting account, such as the configuration file containing the database passwords. Once the attacker has this information the attacker can comprise your website via the database.

This vulnerability is being exploited currently which is causing numerous domains to become blacklisted by Google. For additional details please refer to this link http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html

Your account was found to have the Slider Revolution Premium Plugin. Due to the vulnerability this creates to your website and our servers we strongly recommend that you upgrade this plugin to the most recent version 4.6.5. We also strongly recommend that you update all of your plugins and themes as the Slider Revolution Plugin is included in a number of other themes and plugins. It is strongly recommend you update your WordPress installation(s) to the most current version at this time as well.

  • If the Slider Revolution Premium Plugin is not updated by 28 December 2014 we will be forced to disable the plugin in order to protect our servers from being blacklisted. **

I have checked my plugins area on my website and it is showing that the current version of Slider Revolution is 4.6.5

So is there anything that I need to worry about??

Is there any chance the google will get my webiste blacklisted??

Hi SwagDesiStore,

?The vulnerability is in version 4.1.4 or earlier. It was patched back in February of this year. If you’re using a more recent version, technically you shouldn’t need to update. But some hosting providers are misinformed, and are requiring that the plugin be updated even when the current version (version 4.2 or higher) is actually secure.

But open a ticket over at our support forum, and we’ll provide you with a copy of the latest version, as well as some instructions for how to update.

Cheers from your Team @ ThemePunch

Facebook Twitter Support

P.S. Please disregard the ? character at the beginning of my last message. It’s just a typo.

Same problem as Lapeaco.

You need to fix the “free download” for people who purchased slider revolution bundled with an Envato theme today.

Hi barnabyrobson,

Yes I believe the “free download” button needs to be updated. We’ll contact Envato for that.

In the mean-time, ?open a ticket over at our support forum, and we’ll provide you with a copy of the latest version, as well as some instructions for how to update.

Cheers from your Team @ ThemePunch

Facebook Twitter Support

Update Request: Google (Matt Cutts) has been pushing for sites to switch to 100% SSL, and it has a small positive effect on SEO. A lot of sites are making the move. Can you please update your plugin to support SSL globally? Specifically in my case, I need the Youtube video functionality to pull videos via https instead of http. Otherwise they generate browser warnings and don’t display on the page. Youtube serves all of their videos via https anyway, so it would be more correct for you to update the code regardless to pull via https.

Thanks

Hi,

please update your version to a newer one (best to 4.6.5) since in the last versions we do 100% support yt, vimeo and html5 videos with http and https also.

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

great thank you. I see why. For some reason the old plugin wasn’t getting highlighted on my wp plugins page when new versions came out.

Hi,

strange indeed! Happy we could help anyway ;)

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hi, We receive an alert from Blue Host to upgrade revolution slider to 4.6.5.

Just want to check how can we update it? Currently we use the theme come with Revolution slider v 4.6.0. But we don’t see any option to update it to 4.6.5 on plugin list?

Thank you

Hi jsling,

Open a ticket over at our support forum, and we’ll provide you with a copy of the latest version, as well as some instructions for how to update.

Cheers from your Team @ ThemePunch

Facebook Twitter Support

Hi,

How would I go about changing the thumbnails to display in a vertical direction rather than just horizontal?

Many thanks.

Hi,

thanks for the request. This is not yet possible out of box, only with some customization and custom jQuery code. We have the request on our list and will come of course also in the next updates !

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

With regards to this soaksoak hack, I got hit by it and the versions of the slider and carousel were well above the version stated that were at risk??

Are you sure the problem is sorted in the new versions?

Hi,

yes, we are sure that the repoorted issue is solved since February 2014. The problem is that you may have been infected before the update, and there are some existing backdoors, which are still acting after the update. Also not only our old plugins had vulnerability. Also happend to other Plugin developers and even Version 4.0.0 of WordPress has Vulnerabilty ! So we advise to make a full site scan, ask your provider for this, and install Security PLugins like Worddefence to block backdoor activities.

Thanks a lot for you understanding and if you have any further question, please do not hesitate to contact us again !

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Thanks, helpful vid for this dumbass attack. https://www.youtube.com/watch?v=_IMIMb8Z43k I actually restored a site from 2013 and imported the new DB, then imediately updated anything, anyone know if this hack resides in databases?

We did not get any information yet about that the Attack resides in db’s. So far we know till today, it does not.

Thanks for the Video share. It has only a small failure. It says “wait for a fix from the developer team” however this issue has been fixed already back in February 2014. So you can Clean up the site, update the plugins to the latest available version (or at least to 4.2) and that should make it !

Thanks a lot again for all your support and feedback,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hi, is there a way I can only show just one random slide? I tried Shuffle Mode on, Stop Slider on, Stop After Loops 0, Stop At Slide 1, but it always shows the first slide, it doesn’t show a random slide. I am using version 4.65 and latest version of Wordpress. Any suggestion would be greatly appreciated. Best regards, David

Hi,

actually if you would turn off the Alternative First slide, and change back to stop at first slide, than it should already work well. Please try to make that change also !

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Ok, changed it back to 1 but it keeps showing all the slides and then showing the first slide it showed and then stopping. :(

Hi,

please submit a ticket with your wp credentials, and send us a link which is working there also (since the link above does not load) and if possible also ftp access to the plugin, so we can analyze and fix this for you asap !

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hi there So I’m getting alarming messages from my hosting company about previous version of this slider being vulnerable to a hacking. I brought a WP theme that comes packaged with your slider? I have contacted the themes author but have not received a response.

However, in theory if I buy this plug-in form here and activate within the theme will that update the version I already have?

Currently on 4.1.4 which I have done my best to update what I can so far but keen to get this matter resolved.

Thank you in advance Merry Christmas Tom

Hi Tom,

yes, 4.1.4 is exploitable, and you should update asap ! This issue is fixed since February and we mailed and informed all our Users, Theme Authors in September.

Please Mail me asap (Mail us here) and we send you an update to the latest version.

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hi

Ive been made aware of the need to update rev slider for a number of sites we use it on. However each site, after updating all plugins within our Wordpress installations, does not say the rev slider is the current version (4.6.5). They are all different versions, with no option to update any further. Why is this?

In case your old versions had no “Auto Update” function included, you may dont see the current version available. As best please update via FTP or Manually via the Slider Backend.

The latest version is 4.6.5 however if you have newer than 4.2. than you are safe. But if you come from older than 4.2 please make sure that you make a full site scan and use firewall on your WP installation, since you may have already backdoors existing on your server.

Thank you,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Ok thank you for that information. I cant find where I can download the latest version on this site??

Hi,

you can find a “Free update” button on the top right corner of the plugin description page. If you cannot find that one please contact http://themepunch.ticksy.com for a copy.

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

I have several websites which use revslider 3.1.2 that came bundled with thir party themes. How do I update the plugin?

Hi,

that is ancient! Please check if you can see a “Download free update” button on the top right corner of the item page here. If not please write to http://themepunch.ticksy.com to receive a copy.

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

I have combed your website, and the options available inside of themeforest looking for what in your comments across the internet describe as a free update on your products page. I can’t find the actual download anyplace.

I’ve now emailed you requesting that update. I expect it will probably take several hours for that response to come through.

Not a great way to handle this crisis, themepunch.

Hi,

yes just answered your mail. Sorry to read that the theme author did not update the theme with a secure RevSlider since February!

I had to commute home unfortunately which took me 1,5 hours. So yes you had to wait this amount of time till I could answer from my living room again to make your theme authors work. Sorry for that delay!

The free update button is available on the top right corner for all theme clients. If they missed a theme please contact support@envato.com

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Themepunch, thanks for sending the updated version over to me.

The free update button is not on display because we did not purchase your plugin directly through codecanyon. It came bundled with a theme.

I imagine most authors writing you are looking for the update because it was bundled. That update button wont display because the plugin itself was not a direct purchase. It was purchased indirectly.

Thank you for the clarification ! I really appreciate it !

Hi ,I have one problem Please help me Revolution slider video not working in Chrome.

Thanks Masum

Hi Masum,

can you please send me a link, so we can debug it and tell you what is wrong ?

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hello!

I’m doing work for a client whom currently has revslider. Is there any way to make the left/ right buttons bleed from the other images in the slider like this website’s slider:

http://www.jonathanadler.com/

Thanks!

On the jonathanadler slider to the left or right of the main slider image there is a piece of the previous or next up image. So when you click on the right arrow that next image slides into view.

Thanks

Here’s another example:

http://www.nextendweb.com/demo/smartslider2/generator/image-stripe

Same concept with being able to see the next/ previous images which then slide into view as you click right/ left. My client already has revslider all set up so I’d like to stick with this plugin if possible.

Thanks again, Andrew

Hi,

i see! Thanks a lot for your feedback. Unfortunately this is not yet possible with our slider, since we have a high amount of different transitions, which would not support this. We need an extra handling for it, which we will bring also in the upcoming updates !

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hello!

I’m doing work for a client whom currently has revslider. Is there any way to make the left/ right buttons bleed from the other images in the slider like this website’s slider:

http://www.jonathanadler.com/

Thanks!

Hi,

can you please give me a bit more information ? I am not sure what you mean !

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

hi, i bought a themeforest theme (ADAMAS) with inside the licence of the revolution slider, version 3.0.5 i have the Item Purchase Code please let me know how can i update for free !!

Hi,

there should be a “Free download” button at the top right corner of our plugins item description page. If that button is missing for you please contact http://themepunch.ticksy.com for a free copy.

Thanks and Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

Hi i need the update of the plugin revolution slider. my site http://www.colombiabirdfair.org/home/ had been hack through your plugin, is there a new corrected version? im very worried, because my site store very delicate information of my customers.

I expect a prompt response with download link. My ticket id is 121744

Hi,

the update is available since February 2014. We did made a free update available due our Product page also. The current “discussed” vulnerability is the same what we fixed back in the start of this year.

I am really sorry to hear that you have been hacked, and can only advise to make a full scan of the site, and make sure that you always have the latest updates of your plugins and your Wordpress installed.

Please send us a mail (Mail us here) and we send you an update.

Thanks a lot,

Cheers from your Team @ ThemePunch

  Facebook      Twitter      Support

by
by
by
by
by
by