We have just received a notice from our site host indicating that the Revolution Slider plugin has a serious vulnerability. Since the plugin is part of the theme it does not get updated by default.
Here is more information on the issue:
Thank you for pointing that out!
Travelify theme has a custom coded slider and it doesn’t use Revolution slider which is premium plugin.
This is really serious vulnerability and if you happen to use this plugin make sure to update it now. I tested it one of my website and it really is capable of downloading any file from server, even
wp-config.php file which is insane!
Not sure where we got that plugin from, we thought it was part of the Travelify theme. Glad it is not. We have now uninstalled it and all seems to work well.