Important: Serious Vulnerability in Revolution Slider & Showbiz Pro (WordPress) Plugins

Hello staff members, I purchased a theme with the responsive slider and have experienced the vulnerability of the slider. In fact…I am still experiencing it today. I have contacted support over the past week and a half and have heard from no one. The theme is NOT in my downloads - I have submitted my licensing and purchase agreement via support and still I have not heard anything. I have placed 4 (FOUR) tickets and have not heard back. If a staff member reads this can you PLEASE contact me so I can finally get an updated FRESHBIZ THEME with the updated slider?
Sincerely
Bruce :cry:

wheelguy said

Hello staff members, I purchased a theme with the responsive slider and have experienced the vulnerability of the slider. In fact…I am still experiencing it today. I have contacted support over the past week and a half and have heard from no one. The theme is NOT in my downloads - I have submitted my licensing and purchase agreement via support and still I have not heard anything. I have placed 4 (FOUR) tickets and have not heard back. If a staff member reads this can you PLEASE contact me so I can finally get an updated FRESHBIZ THEME with the updated slider?
Sincerely
Bruce :cry:

Quite strange. If you purchased the theme with this account then you should have the theme available for download in your download area.

Did you purchase the theme with this account? If yes, was it purchased as a single item or was it part of an Envato bundle? Because if it was part of a bundle then you are not allowed to receive updates for the theme.

Did you also contact Envato support to check this, or only the author?

doru said
wheelguy said

Hello staff members, I purchased a theme with the responsive slider and have experienced the vulnerability of the slider. In fact…I am still experiencing it today. I have contacted support over the past week and a half and have heard from no one. The theme is NOT in my downloads - I have submitted my licensing and purchase agreement via support and still I have not heard anything. I have placed 4 (FOUR) tickets and have not heard back. If a staff member reads this can you PLEASE contact me so I can finally get an updated FRESHBIZ THEME with the updated slider?
Sincerely
Bruce :cry:

Quite strange. If you purchased the theme with this account then you should have the theme available for download in your download area.

Did you purchase the theme with this account? If yes, was it purchased as a single item or was it part of an Envato bundle? Because if it was part of a bundle then you are not allowed to receive updates for the theme.

Did you also contact Envato support to check this, or only the author?

+1

wheelguy said

Hello staff members, I purchased a theme with the responsive slider and have experienced the vulnerability of the slider. In fact…I am still experiencing it today. I have contacted support over the past week and a half and have heard from no one. The theme is NOT in my downloads - I have submitted my licensing and purchase agreement via support and still I have not heard anything. I have placed 4 (FOUR) tickets and have not heard back. If a staff member reads this can you PLEASE contact me so I can finally get an updated FRESHBIZ THEME with the updated slider?
Sincerely
Bruce :cry:

Hi Bruce, Freshbiz is one of the themes for which a secure update is available, so you should just be able to re-download the theme and then follow the “Instructions for themes already offering a secure update” outlined in our blog announcement. Have you given this a try? I also recommend reaching out to the author of the theme as they may be able to assist. Thanks!

It seems that I have 2 accounts and the accounts cannot be merged. Support has yet to respond to the ticket I placed a week and a half ago - is this a normal wait time from Envato? Seems awfully long. I am glad there was a forum because a staff member contacted me and made me aware of the 2 accounts. I was able to successfully download the new theme (and plugin) and install both. All is good now.
Thank you for your help
Bruce

Maybe this has been asked before, but does this vulnerability affect Drupal themes packaged/sold with Revolution Slider?

brucebilodeau said

It seems that I have 2 accounts and the accounts cannot be merged. Support has yet to respond to the ticket I placed a week and a half ago - is this a normal wait time from Envato? Seems awfully long. I am glad there was a forum because a staff member contacted me and made me aware of the 2 accounts. I was able to successfully download the new theme (and plugin) and install both. All is good now.
Thank you for your help
Bruce

Our support team is dealing with a rather large backlog right now, but the response time is more like 5-7 days, so I’ll look into what happened with your ticket. On the up side, thrilled you were able to figure things out! :slight_smile:

ja09 said

Maybe this has been asked before, but does this vulnerability affect Drupal themes packaged/sold with Revolution Slider?

As far as we know only WordPress plugins are affected.

Uhhhh… I just downloaded a theme with Revolution Slider 4.5.95 a month ago and it ran for a week before I just got a Google Malware message and I’ve been taken off line.

Are we absolutely sure that the Revolution Slider 4.2+ are safe?

JimLowe said

Uhhhh… I just downloaded a theme with Revolution Slider 4.5.95 a month ago and it ran for a week before I just got a Google Malware message and I’ve been taken off line.

Are we absolutely sure that the Revolution Slider 4.2+ are safe?

Hey Jim,

We’re sure that the original vulnerability was fixed in 4.2. There’s always a chance that some other problem has been introduced since (that is true of any software), but the chance is small.

I haven’t heard of any Google Malware message for later versions, but I’ll keep an ear out for any such reports. It is probably worth running the site (with rev slider active) through the Sucuri scanner (http://sitecheck.sucuri.net/).

Cheers,
Stephen

Hello everyone,

We just wanted to chime in with a quick announcement concerning the security of our plugins.

Even though we were already very sure that Revolution Slider >4.2 is secure, after the recent events we handed our plugins over to a security expert to have them checked thoroughly.
The results are comforting: There are no critical vulnerabilities left.

We can only encourage any plugin author to have your plugins checked by a professional. No developer can say for sure that their products are coded flawlessly so having another pair of eyes look over the code does help.

After Christmas we will release more information on the security check; this post is just meant as brief information.

Also a bit of general advice for any WordPress user:
Please install a security plugin (we can highly recommend https://wordpress.org/plugins/wordfence/) and ideally also have your server scanned by your hoster.
If there ever was a security vulnerability in your WordPress installation at some point in time (even though it’s closed now), a hacker might still have planted malicious code that could compromise your system later on.

Thanks Stephen Cronin and everyone else for the continued support.

We wish everyone happy Christmas holidays!

Your team @themepunch


^ Thanks @ThemePunch for sharing information. You guys rock! :slight_smile:

Happy Holidays!

new post on securinet:

thx themepunch for answering there as well

themepunch said

after the recent events we handed our plugins over to a security expert to have them checked thoroughly. The results are comforting: There are no critical vulnerabilities left.

We can only encourage any plugin author to have your plugins checked by a professional.

Could you please recommend where or how to look for a security expert/service like this?

greenline said
themepunch said

after the recent events we handed our plugins over to a security expert to have them checked thoroughly. The results are comforting: There are no critical vulnerabilities left.

We can only encourage any plugin author to have your plugins checked by a professional.

Could you please recommend where or how to look for a security expert/service like this?

Hi,

We found this service recently and can only recommend these guys:

http://www.morxploit.com/

Cheers from your Team @ ThemePunch



I am just now becoming aware of this issue. I did not know about it and now I cannot delete the Revolution Slider from my server at all.

Secondly, where was the email to all Envato customers who purchased a theme with this plugin? Seriously? Where was it?

I would like some help in figuring this out.

Hi, does anyone know if the latest version 1.7.2 has resolved this issue? It says it has fixed a critical vulnerability, but the update date is 27.11.2014 so doesn’t look promising?

I really liked this plugin. So it is a bit of a shame.

Someone should close this thread already.

Hi, I have taken over a WordPress site from a previous admin.

This site has an old version of your ShowBiz Slider Pro Plugin (1.7.1) installed on it.

Unfortunately it was not kept up to date and it urgently needs to be upgraded to the last version (1.7.4) which fixes the severe vulnerability.

However the plugin is no longer available via Envato as it has been withdrawn.

I tried to raise a ticket on the ThemePunch support forum but it says the Envato Purchase Code has expired!

Can ThemePunch or anybody else please tell me the best way to resolve this issue?

Thanks Very Much Basil Brooks

Given the plugin is no longer available either here or on the dev’s own website, and (with respect) you don’t have access to the p/code for the original purchase, it’s unlikely that you will be able to get another version.

Also there’s probably a reason that even the latest version may not be a solution (they are a very highly regarded author and would be unlikely to remove something without good cause).

Personally I’d look at removing the plugin and looking for a different and supported way to handle the output you want.

Hi Charlie

Thanks for the quick response.

Actually I do have the p/code from the previous admin and it is still being used on the same site he bought it for. When I went on the ThemePunch forum there was no option to select Showbiz Slider Pro as a topic, maybe that’s why it didn’t recognise my code.

As far as I can tell via Google the more recent versions have fixed the vulnerability and the version I have is still working fine with the latest version of WordPress and other plugins (but it is vulnerable). I’m sure that ThemePunch must still have a copy but I don’t seem able to contact them, maybe you could pass on my message?

If all else fails I will have to replace the plugin, but it is a few hours work as I need to match the style and there are 30 images and titles to transfer (There is no data/image export option on the plugin).

Thanks Again for Your Help

Basil