Hi
Just wondered if Enfold users need to be concerned with the issues regarding add_query_arg and remove_query_arg mentioned on Theme Forest and wordpress.org.
Many thanks
Hey arnie-design!
Can you send us a link to these articles please?
Regards,
Elliott
Hi
Here is the Theme Forest one: http://marketblog.envato.com/news/wordpress-item-security-vulnerability/
The WordPress page: https://make.wordpress.org/plugins/author/pento/
And a couple more reports:
https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
https://yoast.com/coordinated-security-release/
Kind regards
Mark
Hey Mark!
This is not really a problem for our themes. We only ship the TGM Plugin activation class with our framework, which has been identified as not 100% secure, and we will update the framework for all themes with the new class ASAP. To exploit the class you would need admin access anyway, so the chance that something bad happens is really slim. All other instances of add_query_arg seem to be secure.
Regards,
Rikard