ClioSport.net


WordPress vulnerability (wp-config accessed via browser)



For anyone who has a WordPress site installed, if you're using the Revolution Slider plugin (after all, it's the most downloaded plugin on the Envato marketplace), check it's up to date.

If you're using 4.1.4 or older, anyone can access your wp-config file through the browser (using a string of text after the URL). Obviously this gives them access to your database details. I've tested on some sites today (and informed them).

It's been kept pretty quiet, but today emails are being sent out from some of the biggest theme marketplaces, so expect more people to attempt to 'hack' each other's sites.

So update, then change your database details.

If you've updated any time since Feb 2014, it's probably best to update your database details anyway, as that's how long the vulnerability has been known.

http://marketblog.envato.com/general/plugin-vulnerability/

P.s. even if you're not using the plugin, if it's installed it's still a problem.
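
A defender-side check for the advice in the post above, added here as an example and not part of the original post: it walks a WordPress install's wp-content tree, reads the Version header of every copy of the plugin and flags 4.1.4 or older, whether or not the plugin is activated. The main file name `revslider.php` is an assumption; adjust it to match your install.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (4, 1, 4)      # from the post: 4.1.4 or older is affected
MAIN_FILE = "revslider.php"    # assumption: main plugin file name, adjust if needed
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

# Constructed sample of a WordPress plugin header, used by the self-check below.
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: Example Slider\nVersion: 4.1.4\n*/\n"


def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True for 4.1.4 or older; 4.1 is treated as 4.1.0."""
    padded = version + (0,) * (3 - len(version))
    return padded <= LAST_AFFECTED


def scan(wp_root):
    """Find every copy under wp-content, active or not, including copies
    bundled inside themes. Returns a list of (path, version, status)."""
    found = []
    for php in sorted(Path(wp_root, "wp-content").rglob(MAIN_FILE)):
        # WordPress only reads the first 8 KB of a file for its header.
        with open(php, "r", encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))
        if version is None:
            status = "UNKNOWN"      # no header found: inspect by hand
        else:
            status = "AFFECTED" if is_affected(version) else "ok"
        found.append((str(php), version, status))
    return found


if __name__ == "__main__":
    assert is_affected(parse_version(SAMPLE_HEADER))
    rows = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, status in rows:
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{status:8} {shown:10} {path}")
    # Non-zero exit when anything needs attention, for cron or CI use.
    sys.exit(1 if any(s != "ok" for _, _, s in rows) else 0)
```

Run it with the WordPress root directory as the only argument. Copies shipped inside a theme as a zip archive are not unpacked, so they will not be listed.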
 
  Rav4

Thanks buddy, handy info.

The main issue I am having with WP is unsolicited emails being sent out from WordPress and not even stored in the logs. SPAM, basically. Frustrating.

Thanks
 

Are you using an SMTP plugin?
 

