WP Tavern › Forums › Create Topic
Mike Whilst 1,000+ themes are listed on ThemeForest as using Revolution Slider, I’ve done a trawl through a sample of themes and the vulnerability doesn’t affect anywhere near as many as on the Evanto list (they say in fact in their blog that their list is just a search of every theme using Rev Slider, regardless of the version and whether it’s vulnerable to the exploit). Nevertheless, it does raise a lot of debate and you’ve just got to look at some of these themes that come with five different choices of slider module installed, etc, and alarm bells start ringing! Worth saying that these themes that use Rev Slider will normally prompt the user to install the plugin after the new WordPress theme is setup, with the plugin zip file stored ready in the theme folder ready to be installed and activated by the user. Therefore the slider is a standalone plugin and does give the user some choice, so they can just delete it and choose something else (though I suppose it’s hit and miss how nice another slider plays with the theme, esp. some of the more creative themes that build the home page design completely around the slider panel!). (Many other themes include a slider panel directly coded into the theme files, so users might be stuck with that). As the article says, the problem seems to be that these premium themes are using a premium slider, and the plugin doesn’t have access to an auto-upgrade facility, so users could well be using a very old version of the plugin and not be aware it’s old. But if the themes supported a slider that was well supported on the WordPress repository, perhaps that would be a better solution? Also I know LayerSlider is used by a lot of themes on ThemeForest (probably more so than Rev Slider) – am I right in thinking this does have access to an auto-update facility? (I haven’t looked into this properly so I might be wrong!).
Mike
Whilst 1,000+ themes are listed on ThemeForest as using Revolution Slider, I’ve done a trawl through a sample of themes and the vulnerability doesn’t affect anywhere near as many as on the Evanto list (they say in fact in their blog that their list is just a search of every theme using Rev Slider, regardless of the version and whether it’s vulnerable to the exploit).
Nevertheless, it does raise a lot of debate and you’ve just got to look at some of these themes that come with five different choices of slider module installed, etc, and alarm bells start ringing!
Worth saying that these themes that use Rev Slider will normally prompt the user to install the plugin after the new WordPress theme is setup, with the plugin zip file stored ready in the theme folder ready to be installed and activated by the user. Therefore the slider is a standalone plugin and does give the user some choice, so they can just delete it and choose something else (though I suppose it’s hit and miss how nice another slider plays with the theme, esp. some of the more creative themes that build the home page design completely around the slider panel!).
(Many other themes include a slider panel directly coded into the theme files, so users might be stuck with that).
As the article says, the problem seems to be that these premium themes are using a premium slider, and the plugin doesn’t have access to an auto-upgrade facility, so users could well be using a very old version of the plugin and not be aware it’s old.
But if the themes supported a slider that was well supported on the WordPress repository, perhaps that would be a better solution?
Also I know LayerSlider is used by a lot of themes on ThemeForest (probably more so than Rev Slider) – am I right in thinking this does have access to an auto-update facility? (I haven’t looked into this properly so I might be wrong!).
Name *
Email *
Website:
Topic Title (Maximum Length: 80):
Forum: — No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Email Address
Submit
Enter the destination URL
Or link to existing content
