amuck-landowner

A vulnerability in RevSlider leads to massive malware campaign

SentinelTower

New Member
Hi,

For those who are running WordPress sites and who are not yet aware of SoakSoak, there is a massive malware campaign which has already compromised hundreds of websites. Google has already blacklisted 11k domains and counting.

The flaw is affecting old versions of the premium plugin Revolution Slider; it was patched in 4.2, but some themes are still using the old ones.

Make sure you are up to date!

Source : http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
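
An added example, not part of the original post: a small Python audit that walks a `wp-content` tree, finds every bundled copy of the slider (including copies shipped inside themes) and flags those older than the 4.2 release named above. It assumes each copy lives in a directory called `revslider` whose main file `revslider.php` carries the standard WordPress plugin `Version:` header; the sample tree and its version numbers are constructed for the demo.

```python
import os
import re
import tempfile

PATCHED = (4, 2)  # from the post: "it was patched in 4.2"
# Standard WordPress plugin header line, e.g. " * Version: 4.1.4"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".") if p)

def find_revslider_copies(wp_content):
    """Return sorted (relative path, version, status) for every copy found."""
    results = []
    for root, dirs, files in os.walk(wp_content):
        # Assumption: directory and file names below are the plugin's usual ones.
        if os.path.basename(root).lower() == "revslider" and "revslider.php" in files:
            path = os.path.join(root, "revslider.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(8192))
            if version is None:
                status = "unknown"    # no header found: inspect by hand
            elif version < PATCHED:
                status = "outdated"   # older than the patched release
            else:
                status = "ok"
            results.append((os.path.relpath(path, wp_content), version, status))
            dirs[:] = []              # do not descend into the plugin itself
    return sorted(results)

def build_sample_tree(base):
    """Constructed demo data: one standalone copy, one bundled in a theme."""
    layout = {"plugins/revslider": "4.6.5",
              "themes/exampletheme/plugins/revslider": "4.1.4"}
    for rel, ver in layout.items():
        d = os.path.join(base, *rel.split("/"))
        os.makedirs(d)
        with open(os.path.join(d, "revslider.php"), "w") as fh:
            fh.write("<?php\n/*\nPlugin Name: Revolution Slider\nVersion: %s\n*/\n" % ver)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version, status in find_revslider_copies(tmp):
            print(status, path, version)
```

Pointed at a real `wp-content` directory, an "outdated" or "unknown" result for a copy inside a theme is the case the thread describes: the theme has to ship the update, since the site owner never bought the slider separately.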
 

drmike

100% Tier-1 Gogent
WordPress, it's so secure (allegedly)... But the plugins are essentially an insecure mass malware vector.

Time for the WordPress folks to solve this puzzle. It's exactly why I won't deploy WP on anything.
 

mikho

Not to be taken seriously, ever!
Main problem is that many theme authors used the slider in their themes and then the buyer never updates or the creator never updates.


The slider is never bought by the theme user and they often think that they won't get any support from the slider creator.
 

fixidixi

Active Member
I've used WordPress since 2006, but as it progressed in the last 4 years it's getting worse and worse. Currently it's only worth looking at if you need to deploy an app for someone who has nooo idea about webapps. But then you have to clean up after them. Sooo in the end you should purchase a wordpress.com account with custom domain & maybe theme (haven't done that)...
 

Wintereise

New Member
> WordPress, it's so secure (allegedly)... But the plugins are essentially an insecure mass malware vector.
>
> Time for the WordPress folks to solve this puzzle. It's exactly why I won't deploy WP on anything.

It's an unauthenticated remote shell that happens to have blogging functions.

Always been the most insecure 'app' I know of, I don't see this changing anytime soon.
 

SentinelTower

New Member
> It's an unauthenticated remote shell that happens to have blogging functions.
>
> Always been the most insecure 'app' I know of, I don't see this changing anytime soon.

WordPress itself is not so insecure, but some poorly written plugins are a real plague and are the major (if not always the) infection vector.

I like WordPress because there is almost no learning curve for users and it's really easy to write plugins.

As always, the most popular software is more prone to malware since the bad boys want to infect as many people as they can, but that does not mean that less-known software is vulnerability-free.
 