Kjapp og trygg hosting for Wordpress

Visual Composer WordPress [XSS]

xdex

Medlem
Jeg fikk info rett fra utviklerne, fikk også info fra Envato en stund etterpå.

We are getting in touch to let you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015).

We have been working with WP Bakery, the creators of Visual Composer, who have addressed all identified vulnerabilities in version 4.7.4 and later, and undertaken a code audit to ensure that it is as secure as possible.

What You Should Do
In order to secure your item(s) from these vulnerabilities we strongly encourage you to update to version 4.7.4 or later as soon as possible. Instructions on how to update Visual Composer can be found on the WPBakery website.

You can check whether you have updated successfully by going to the WordPress dashboard Plugins page and checking the Visual Composer entry. Please make sure that the version number says 4.7.4.

If you have used this plugin in projects for clients, please help them to secure their sites as well.

Your Security is Our Priority
We take security seriously at Envato. When we receive security vulnerability reports for items sold on our marketplaces, we work as quickly as possible to validate the report, investigate risk and determine the best course of action for the security of our community.

On behalf of the plugin creator and Envato, we'd like to apologise for this inconvenience and assure you that your security always is and will be our priority.

Regards,
The Envato Team​
 

xdex

Medlem
My security is more like an afterthought for them; jeg har ikke fått noe epost fra de.
Og dette er ikke første gang det er tull med Envato's handling av et sikkerhets-relatert problem.

Det er sant, men dette er vel strengt tatt ikke envato sin skyld, men utvikleren selv. Selv om envato gikk på tidenes smell uten å kryptere passord :eyeroll:

Mulig det kun er folk som har kjøpt pluginet direkte fra utvikler som har fått e-post, og ikke 3-part leverandører (templates etc).
 

xdex

Medlem
Fikk også en epost fra dem, med en liste over hvilken software av de jeg har kjøpt som er sårbare. Men listen var tom...

Det ble sendt ut en ny e-post, som korrigerte dette, samt en unskyldning for at det skjedde. Ser ut som at det går litt fort i svingene for envato.

We have identified a group of emails we recently sent in which the list of affected themes was missing or incorrect. We apologise for any confusion this may have caused. We have worked to correct this information and have included the corrected list of affected themes below.

- - - CORRECTED EMAIL - - -​
 

Stoppet

Banned
Shit happens. Hvem er så flink at de kan begynne å kaste sten?
 
Topp