xss

4 posts from 3 voices

• Started 6 months ago by luigioss
• Latest reply from Kriesi
• This topic is closed
• This topic is resolved

Tags:

No tags yet.

1. 

   luigioss
   Member

   i got this message

   XSS vulnerability in Wordpress themes by Kriesi
   According to my tests, the following premium Wordpress themes by Kriesi are affected by a reflected Cross-site Scripting (XSS) vulnerability:

   Abundance - 1,952 sales
   Eunoia - 378 sales
   Choices - 1,248 sales
   Brightbox - 892 sales
   Broadscope - 1,039 sales
   Corona - 1,712 sales
   Flashlight - 2,956 sales
   Coalition - 1,079 sales
   Shoutbox - 988 sales
   Velvet - 600 sales
   Upscale - 346 sales
   Expose - 473 sales
   Propulsion - 2,133 sales (added 30-Oct)
   Sentence - 712 sales (added 30-Oct)
   Sales figures are based on Themeforest statistics. Over 16,000 web sites could be affected.

   Developer status: notified initially on 5th of October
   Latest developer response (24-Oct) : rolling out fixes in the near future.
   Developer home page: http://www.kriesi.at/
   Official support forum: http://www.kriesi.at/support/

   what about?

   Posted 6 months ago #
2. 

   luigioss
   Member

   it's an important issue

   Posted 6 months ago #
3. 

   Dude
   Dude

   Hi!

   Kriesi updated Choices today (version 1.6) and this update already takes care of the XSS vulnerability. Other theme updates (eg for Flashlight) will be released today, this week or next week.

   Best regards,
   Peter

   Posted 6 months ago #
4. 

   Kriesi
   Key Master

   Hey! We got multiple updates in the pipeline already that only wait for themeforest approval, during the next few days we will check each of the mentioned themes and upload the fix if necessary :)

   Flashlight update should be approved within the next few hours

   Best regards
   Kriesi

   Posted 6 months ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.