gasshoThe handling of this well-known vulnerability by Theme Horse has been horrible, especially for a premium theme. Today’s email announcing an update to the theme is the first and only one I’ve ever received! There have been posts here about why we don’t see theme update notifications in our WordPress dashboard as well.
Theme Horse has been very irresponsible in NOT letting all of its paid users know what exactly was going on, dating back to Sept 2014 at the very least. I just went through several weeks of stress, waste of time and expense in cleaning up my blog from a malicious hack exploiting what the whole tech world knows as Revolution Slider’s gaping vulnerability.
A very long time ago I tried to delete this plugin but it doesn’t or didn’t back then delete like a normal plugin. When I contacted the plugins author I was told that if baked into the theme, it can’t be deleted.
Theme Horse REALLY should have let us know MORE THAN ONCE, made a concerted effort to have us update our theme. Moving forward, why bundle anything in the theme at all?! Especially a shady plugin like this? WHY?