Widespread WordPress Plugins and Themes Security Vulnerability

This topic has 4 replies, 2 voices, and was last updated 9 years, 8 months ago ago by Eva Kemp

  • Avatar: ilnegozio
    ilnegozio
    Participant
    April 23, 2015 at 20:26

    This is a general community announcement to bring your attention to an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes available from ThemeForest and CodeCanyon, the wordpress.org website and other sources.

    This issue is not limited to themes and plugins purchased from ThemeForest or CodeCanyon. Anyone using a WordPress website, regardless of where the theme or plugin was sourced, needs to be aware of this and take immediate action to ensure it is secure.

    What should I do?

    As there is no simple way of knowing exactly which plugins or themes are affected, and the issue is widespread, our best advice is to periodically check for updates to any WordPress themes or plugins you are using and apply those available as soon as possible.

    Envato is actively working with all ThemeForest and CodeCanyon authors, explaining the issue and asking them to check that their items are secure and to update them if necessary.

    We expect ThemeForest and CodeCanyon items to be continuously updated over the coming weeks, with the majority updated in the next few days. Updates may be downloaded from the Downloads page as they become available. If you would like to be automatically notified about new updates, please activate “Item update notifications” in your email settings.

    For updates to items obtained from other sources, please check the Plugins and Themes pages in the WordPress Admin area or contact the source of the product.

    We strongly recommend continuing to check for updates, especially over the next few weeks, but also on an ongoing basis. It is important to always keep your WordPress installation and associated plugins and themes up to date. If you still have concerns, we suggest engaging an experienced WordPress developer to check whether your site is affected.

    Please advise on this issue. Thanks.

    Main Source: http://marketblog.envato.com/news/wordpress-item-security-vulnerability/

    3 Answers
    Avatar: Eva
    Eva Kemp
    Support staff
    April 24, 2015 at 14:47

    Hello,

    Our developers always check theme files and the plugins that are included in the theme package. You shouldn’t worry about it, but always keep all plugins and theme up to date. Also you need check sources of other plugins that you use if they are safe for usage.

    Thank you.
    Regards,
    Eva Kemp.

    Avatar: ilnegozio
    ilnegozio
    Participant
    April 24, 2015 at 19:13

    Hi Eva,

    Noted, and thanks for the info.

    Regards.

    Avatar: Eva
    Eva Kemp
    Support staff
    April 24, 2015 at 20:54

    Hello,

    You’re welcome.

    Regards,
    Eva Kemp.

  • Viewing 4 results - 1 through 4 (of 4 total)

The issue related to '‘Widespread WordPress Plugins and Themes Security Vulnerability’' has been successfully resolved, and the topic is now closed for further responses

We're using our own and third-party cookies to improve your experience and our website. Keep on browsing to accept our cookie policy.