There is a new Slider Revolution exploit that allows malware to be installed on your site, so please patch ASAP! See Erwan’s comment, which links to http://www.epnb.fr/correction-fix-patch-manuel-pour-corriger-la-faille-dans-le-plugin-revslider-de-wordpress/ for his excellent post and instructions on patching this new exploit. Also apply the patch detailed on this page, if you haven’t already.
If your site uses the WordPress plugin Slider Revolution version 4.1.4 or older, you need to patch it or update it ASAP! Follow the directions below to patch yours within minutes. This wptavern article explains this serious security vulnerability in more detail, but the actual exploit is very easy: just open http://yourdomainhere.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php using your domain, and the wp-config.php source code will be downloaded! This includes your database login information, and if your MySQL server allows remote connections, then your site is theirs.
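Because the unpatched handler serves whatever path the img parameter names, the request above leaves a clear trace in the web server access log. The following is an added example, not code from the original post or from the plugin: it parses lines in the common Apache/nginx combined format (the sample lines are constructed for this illustration) and flags any revslider_show_image request whose img value contains a path separator or traversal sequence, or is not the plain attachment ID the patched handler expects. A 200 status on such a request means the file contents were returned to the requester.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2014:12:01:07 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "curl/7.38.0"
198.51.100.9 - - [10/Sep/2014:12:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Sep/2014:12:02:10 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=512&w=300&h=200 HTTP/1.1" 200 14880 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Sep/2014:12:02:11 +0000] "GET /wp-content/plugins/revslider/rs-plugin/css/settings.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def classify_request(path):
    """Return a reason string if the request abuses revslider_show_image, else None."""
    parts = urlsplit(path)
    if not parts.path.endswith("/admin-ajax.php"):
        return None
    # parse_qs URL-decodes values, so "..%2F" is seen as "../".
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("action", [""])[0] != "revslider_show_image":
        return None
    img = qs.get("img", [""])[0]
    if ".." in img or "/" in img or "\\" in img:
        return "path traversal in img"
    if not img.isdigit():
        # After the patch, img must be a numeric attachment ID; anything else is probing.
        return "non-numeric img (patched handler expects an attachment ID)"
    return None


def find_suspicious(log_text):
    """Scan log text; return (ip, status, reason) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = classify_request(m.group("path"))
        if reason:
            hits.append((m.group("ip"), m.group("status"), reason))
    return hits


if __name__ == "__main__":
    for ip, status, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ip} status={status} {reason}")
```

Run it against a real log with `find_suspicious(open("/var/log/apache2/access.log").read())`. If any traversal request received a 200, treat wp-config.php as disclosed: change the database password and the WordPress authentication salts, and restrict remote MySQL access.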
Update: see Envato Market’s post about how you should be able to get an updated and patched Revolution Slider for free. Or you can use the instructions below to easily patch the vulnerability yourself in a minute and everything works exactly as it did before.
The patch below worked for a Revolution Slider ver 4.1.2 install that I just updated, though you should definitely make a backup in step 2) in case it doesn’t work for you.
1) Verify the exploit works by loading http://yourdomain.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
2) Back up and then edit the image_view.class.php file, which may be in one of these folders:
wp-content/plugins/revslider/inc_php/framework/
wp-content/plugins/revslider/inc_php/
wp-content/themes/(your theme name)/revslider/framework/inc_php/
wp-content/themes/(your theme name)/revslider/inc_php/
3) Find the showImageFromGet function in the code and apply the updates below, which include adding a new showImageByID function and editing the showImageFromGet function.
```php
// New helper: resolve a numeric attachment ID to its image and output it.
// Only attachment IDs are accepted, so the "img" parameter can no longer name a file on disk.
private function showImageByID($fileID, $maxWidth=-1, $maxHeight=-1, $type=""){
    $fileID = intval($fileID);
    if($fileID == 0)
        $this->throwError("image not found");
    $img = wp_get_attachment_image_src( $fileID, 'thumb' );
    if(empty($img))
        $this->throwError("image not found");
    $this->outputImage($img[0]);
    exit();
}

public function showImageFromGet(){
    //$imageFilename = UniteFunctionsRev::getGetVar("img");
    // The raw "img" value is now cast to an integer instead of being used as a path.
    $imageID = intval(UniteFunctionsRev::getGetVar("img"));
    $maxWidth = UniteFunctionsRev::getGetVar("w",-1);
    $maxHeight = UniteFunctionsRev::getGetVar("h",-1);
    $type = UniteFunctionsRev::getGetVar("t","");

    //set effect
    $effect = UniteFunctionsRev::getGetVar("e");
    $effectArgument1 = UniteFunctionsRev::getGetVar("ea1");
    if(!empty($effect))
        $this->setEffect($effect,$effectArgument1);

    $this->showImageByID($imageID);
    //$this->showImage($imageFilename,$maxWidth,$maxHeight,$type);
}
```

4) Test the exploit link from step 1) and verify it no longer downloads your wp-config.php file, then test your Revolution Slider slideshows to verify they are still functioning correctly. If not, restore the backup from step 2) and try again, or purchase the latest Revolution Slider for $18 from Code Canyon and perform their upgrade steps, or switch to another slider plugin and call off the revolution.
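Steps 2) through 4) involve locating every copy of image_view.class.php (the plugin copy and any theme-bundled copies), backing it up, and confirming the edit took. The script below is an added example, not part of the original post or of the plugin: it walks wp-content for that file, takes a timestamped backup before you edit, and reports each copy as vulnerable (an uncommented `showImage($imageFilename` call, as in the original handler), patched (a `showImageByID` function present and the old call commented out), or unknown. The `make_sample_tree` helper builds a constructed two-copy tree for demonstration only; the PHP fragments inside it are abbreviated stand-ins for the real file.

```python
import os
import re
import shutil
import tempfile
import time

CANDIDATE_NAME = "image_view.class.php"
# Unpatched handler passes the raw "img" GET value straight to showImage();
# the patched handler resolves an integer attachment ID through showImageByID().
VULN_RE = re.compile(r'showImage\(\s*\$imageFilename')
PATCH_RE = re.compile(r'function\s+showImageByID\s*\(')


def find_image_view_files(wp_root):
    """Locate every image_view.class.php under wp-content (plugin or theme-bundled copies)."""
    found = []
    for dirpath, _dirs, files in os.walk(os.path.join(wp_root, "wp-content")):
        if CANDIDATE_NAME in files:
            found.append(os.path.join(dirpath, CANDIDATE_NAME))
    return sorted(found)


def patch_status(path):
    """Classify one file as 'vulnerable', 'patched' or 'unknown' by scanning live (uncommented) lines."""
    has_patch = has_vuln = False
    with open(path, encoding="utf-8", errors="replace") as f:
        for line in f:
            code = line.strip()
            # Skip commented-out lines, e.g. the disabled showImage() call left in the patched version.
            if code.startswith("//") or code.startswith("*") or code.startswith("/*"):
                continue
            if PATCH_RE.search(code):
                has_patch = True
            if VULN_RE.search(code):
                has_vuln = True
    if has_vuln:
        return "vulnerable"
    if has_patch:
        return "patched"
    return "unknown"


def backup_file(path):
    """Copy the file next to itself with a timestamped .bak suffix; returns the backup path."""
    dst = f"{path}.{time.strftime('%Y%m%d%H%M%S')}.bak"
    shutil.copy2(path, dst)
    return dst


def audit(wp_root):
    """Map each image_view.class.php (relative to wp_root) to its patch status."""
    return {os.path.relpath(p, wp_root): patch_status(p) for p in find_image_view_files(wp_root)}


def make_sample_tree():
    """Build a constructed WordPress-like tree with one vulnerable and one patched copy (demo only)."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    vulnerable = (
        "<?php\npublic function showImageFromGet(){\n"
        "  $imageFilename = UniteFunctionsRev::getGetVar(\"img\");\n"
        "  $this->showImage($imageFilename,$maxWidth,$maxHeight,$type);\n}\n"
    )
    patched = (
        "<?php\nprivate function showImageByID($fileID){ /* ... */ }\n"
        "public function showImageFromGet(){\n"
        "  $imageID = intval(UniteFunctionsRev::getGetVar(\"img\"));\n"
        "  $this->showImageByID($imageID);\n"
        "  //$this->showImage($imageFilename,$maxWidth,$maxHeight,$type);\n}\n"
    )
    for rel, body in [("wp-content/plugins/revslider/inc_php/framework", vulnerable),
                      ("wp-content/themes/demo-theme/revslider/inc_php", patched)]:
        d = os.path.join(root, rel)
        os.makedirs(d)
        with open(os.path.join(d, CANDIDATE_NAME), "w") as f:
            f.write(body)
    return root


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_tree()
    for rel, status in audit(root).items():
        print(f"{status:10s} {rel}")
```

Run `python audit_revslider.py /var/www/html` (the script name is arbitrary) against a real install; any copy reported as vulnerable should be backed up with `backup_file()` and then edited as in step 3). Theme-bundled copies are easy to overlook, which is why the walk covers all of wp-content rather than only the plugins folder.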