This topic is now archived and is closed to further replies.

REVSLIDER Severe Vulnerability to be fixed

carletto0282

Hi guys,

I've had several sites infected by malware in the last few weeks.

I'm working hard to restore those sites and trying to understand the reasons that led to this situation.

After some reading I found that several plugins I actually use were affected by vulnerabilities that led to those infections.

In particular Mailpoet

http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html

And Slider Revolution or Revolution Slider (Revslider)

http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html

So I upgraded those plugins, but in these last days, due to some other infections and some more checkwork, I found that the DMS embedded version of Revslider is not up to date.

From what I see it is a 4.1.2 release!

The last release is 4.6 and, most importantly, the first patched version against this vulnerability is 4.2!!!

I know James Giroux reassured the community of DMS users about DMS safety, but is it absolutely impossible to get this update?

Best regards

Thanks

Carlo

 

Simon

As stated in a post when the security issue was first announced, DMS does not, has never and never will use the actual WordPress revslider plugin.

It has a section called revslider though, which uses a jQuery plugin.

The jQuery plugin is totally different and is not vulnerable.

It was mentioned in a blog post here on Sept 3rd, and I think there was even mention as part of the usual email blast.

http://www.pagelines.com/revslider-for-pagelines-security-update/

Please note however, as stated on the blog post, some users may have the full WordPress revolution slider plugin installed; it's that one that may need updating.

Hope that helps to clear up the FUD.

carletto0282

Hi Simon,

I'm sorry, but in the post you mentioned (that I accurately read - as stated above) there is no information at all about how Pagelines DMS uses Revslider.

There's only a general reassurance saying that DMS is not affected by the vulnerability.

Thanks for your explanations.

Best regards

Carlo

Simon

There was another post about it here: http://forum.pagelines.com/topic/36543-critical-vulnerability-in-revolution-slider/

DMS uses mostly JavaScript for the visual plugins. We don't use any external PHP scripts, apart from the LESS compiler maybe...

If there ever was a security hole affecting DMS in any way, we would release an update immediately; we do take that kind of stuff very seriously.

 

carletto0282

Great to hear this from you now.

 

Thanks again

 
