
Envato's alerting its customers about WordPress vulnerabilities

Discussion in 'BlackHat Lounge' started by nycdude, Apr 25, 2015.

  1. nycdude

    nycdude Regular Member

    Anyone else see this when they go to Envato?

    http://marketblog.envato.com/news/wordpress-item-security-vulnerability/

    Widespread WordPress Plugins and Themes Security Vulnerability

    This is a general community announcement to bring your attention to an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes available from ThemeForest and CodeCanyon, the wordpress.org website and other sources.
     
  2. archon10

    archon10 BANNED

    lol WordPress users.


    Whenever someone tells me they want WordPress, if I'm not in customer service mode, I tell them to enjoy their hacked website.
     
  3. nycdude

    nycdude Regular Member

    Agreed, I ran far away from WordPress a long time ago after my last disaster with infections. Took me a long time to get back around.
     
  4. archon10

    archon10 BANNED

    Yep, I've seen some medium size companies go cheap and decide to use WordPress to save on costs. Couple years later, hacked. lol

    Every site I ever threw up and abandoned (hmm maybe like 5?) got hacked sooner or later if it was on WP.

    It was a nice idea, but you can't really have 0 QA in place, import someone else's code and expect everything to be great. I tested the waters with WP plugins just to say I did it and my plugins were crap and passed their QA. ThemeForest has better QA than WP. At least with them, they actually read your code and give you feedback before you upload it.