Theme plugin has a security vulnerability -> no update

Hi there,

For a client I’m using the WP theme: MobRepair - Mobile Phone Repair Services WordPress Theme by BrothersTheme.

The theme came with the plugin ‘Slider revolution’, but this plugin has a major security vulnerability for all versions below 6.6.15: Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload.

Although my support has expired, I tried to contact the theme author about two weeks ago, but got no response. About 6 days ago I wrote a comment on their theme page, but there was also no reaction, and I saw the last 3 comments were actually mine :)

Is it normal to not receive support for such security vulnerabilities? I really need a patched version of the plugin.

Elias

As it says:

This makes it possible for attackers with author-level access and higher to upload arbitrary files on the affected site’s server which may make remote code execution possible.

They will still need author-level privileges. If you don’t have any author-level or higher users, you are OK.