Sucuri reports Local File Inclusion Vulnerability in the WordPress Revolution Slider Plugin
About the Plugin
The plugin is often bundled as part of the themes, hence updates to the plugin will only be possible via the theme.
About the Vulnerabilities
The issues allows for any file to be downloaded from the website, included confidential files like “wp-config.php”
Update to version 4.6 asap or update theme
Plugin: WordPress Testimonial
Version: pre 4.5