What are the recommended steps to avoid this security issue?
- The number one rule to follow is: do not import unknown zip files. Even if they seem innocuous, they may contain harmful or malicious elements. It’s crucial to only import files that come from trusted and verified sources.
- Our template library and your self-generated imports are not affected.
- Update Slider Revolution to at least version 6.6.13.
Who should be allowed to use our product?
Our product should only be operated by trusted individuals. Allowing unverified or unauthorized users can increase the risk of security issues.
What security features are added in the latest version of the plugin?
We have updated the latest version of our plugin to further secure your data. This includes checks that automatically exclude the most common file types that may pose a risk during the import process.
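A pre-import check in the same spirit, as an added example that is not the plugin's own code: it lists the archive entries whose file type or path should stop an import before the zip reaches WordPress. The suffix and name lists and the sample archives are assumptions constructed for illustration; the page does not enumerate the file types the plugin excludes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: illustrative lists only, not the plugin's own exclusion list,
# which the page does not enumerate.
RISKY_SUFFIXES = {".php", ".phtml", ".phar", ".sh", ".exe"}
RISKY_NAMES = {".htaccess"}

def audit_import_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry that should block an import."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            name = info.filename.replace("\\", "/")
            path = PurePosixPath(name)
            # Entries that would land outside the extraction directory.
            if name.startswith("/") or ".." in path.parts:
                findings.append((info.filename, "path escapes extraction directory"))
                continue
            if info.is_dir():
                continue
            # Check every suffix so "logo.php.jpg" is caught as well as "x.php".
            hits = sorted({s.lower() for s in path.suffixes} & RISKY_SUFFIXES)
            # Dotfiles such as ".htaccess" have no suffix, so compare the name.
            if path.name.lower() in RISKY_NAMES:
                hits.append(path.name.lower())
            if hits:
                findings.append((info.filename, "risky file type " + ", ".join(hits)))
    return findings

def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory archive; used only for the constructed samples below."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in entries.items():
            archive.writestr(name, content)
    return buffer.getvalue()

# Constructed sample archives with placeholder content, not real slider exports.
CLEAN = build_sample_zip({"settings.json": b"{}", "images/hero.jpg": b"\xff\xd8"})
SUSPECT = build_sample_zip({
    "settings.json": b"{}",
    "images/logo.php.jpg": b"placeholder",
    "../outside.txt": b"placeholder",
    ".htaccess": b"placeholder",
})

if __name__ == "__main__":
    for entry, reason in audit_import_zip(SUSPECT):
        print(f"{entry}: {reason}")
```

An empty result does not make an unknown archive trustworthy; the check only narrows what a trusted operator has to review by hand.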
How can I check and manage permissions for this plugin?
You can manage permissions in the plugin’s global settings. Always check them and adjust them accordingly.
What is the default permission setting for our plugin?
The default permission setting for our plugin is ‘Administrator’. This limits access to trusted individuals only.
What are the basic rules of thumb for using our plugin, and for uploading files to WordPress in general?
Always follow these golden rules for a safer WordPress experience:
- Only import files from sources you trust.
- Never import unknown zip files.
- Limit the use of our product to trusted individuals.
- Regularly update our plugin for the latest security features.
These rules apply not just to our plugin, but to everything you upload to WordPress. Safety first!
Remember, your security is a shared responsibility. By following these guidelines, you can help ensure a safer, more secure experience on your WordPress site.
And a big thanks to Marco Frison for reporting the issue!