We got this in our email after a site scan by Wordfence.
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/revslider/slider-revolution-6718-authenticated-author-stored-cross-site-scripting-via-svg-file-upload
The current and recently updated version we have is version 6.7.17 and this article says that a patched version 6.7.19 is already available. Since we are using the one bundled with your theme, when are we getting the patched version?
Hey @mercadeoconsult,
Thanks for reaching out!
We’ve already reported this to our admin who handles the plugin updates. We don’t have any ETA but rest assured that there will be an update soon.
3-4 days on a critical vulnerability doesn’t seem good enough. I use Pro almost exclusively, host client sites, and probably have a half dozen sites using Slider Revolution. That means all those sites are vulnerable., and at least one has already been hacked. Making the update (now 6.20) available should be your top priority.
Hey @diamondheart,
We’ve already bumped the thread with our admin who handles the plugin updates. Please stay tuned and thank you for understanding.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.