Attackers are actively exploiting a critical vulnerability in a WordPress plug-in that's used by a large number of themes, researchers from two security companies warned Wednesday. The vulnerability affects versions 4.1.4 and older of Slider Revolution, a commercial WordPress plug-in for creating mobile-friendly content display sliders. The flaw was fixed in Slider Revolution 4.2 released in February, but some themes -- collections of files or templates that determine the overall look of a site -- still bundle insecure versions of the plug-in.