There is a critical Slider Revolution vulnerability which was patched by plugin author, but Sonaar still didn't release this update. Don't you care at all about your customers!?
Thank you for bringing this to our attention. We apologize for any inconvenience caused. We would like to inform you that the version 6.6.12 of Revolution Slider has been available since Sonaar v4.25.
We typically include the latest versions of Revolution Slider and Essential Grid when we release an update for the Sonaar theme. We encourage you to check the changelog whenever a new version of Sonaar is released to stay informed about the included plugin updates.
If you have any further questions or need assistance with the update process, please don't hesitate to reach out.
You dont have to be worried. As we can see on the changelog, the only security fix they did since 6.6.12 is minor. It is about "Improved security for manual imports".
This security issue only becomes a potential problem when template zip files are imported from untrusted sources.
Hi,
There is a critical Slider Revolution vulnerability which was patched by plugin author, but Sonaar still didn't release this update. Don't you care at all about your customers!?
Theme still uses: Version 6.5.31
While there is a: 6.6.14 version available
Till when we need to keep our site exposed to this vulnerability?
Hi,
Thank you for bringing this to our attention. We apologize for any inconvenience caused. We would like to inform you that the version 6.6.12 of Revolution Slider has been available since Sonaar v4.25.
To update Revolution Slider, please follow the instructions provided at https://sonaar.io/docs/how-do-i-update-the-theme-required-plugins/.
We typically include the latest versions of Revolution Slider and Essential Grid when we release an update for the Sonaar theme. We encourage you to check the changelog whenever a new version of Sonaar is released to stay informed about the included plugin updates.
If you have any further questions or need assistance with the update process, please don't hesitate to reach out.
Thank you
Alex
Thanks,
Alexandre from the Sonaar.io Crew
Hi,
Which means that vulnerability is still there!
Please check attached screenshots.
Attached files: SmartSelect_20230630_194007_Chrome.jpg
Screenshot_20230630_194018_Chrome.jpg
Hi,
You dont have to be worried. As we can see on the changelog, the only security fix they did since 6.6.12 is minor. It is about "Improved security for manual imports".
This security issue only becomes a potential problem when template zip files are imported from untrusted sources.
You can read more about it on this article:
https://www.sliderrevolution.com/faq/minor-security-issue-below-version-6-6-12/
But I should have sent you the latest version of Slider Revolution in my last message. Here it is as attachment.
Alex
Attached files: revslider.zip
Thanks,
Alexandre from the Sonaar.io Crew