add_query_arg and remove_query_arg

Viewing 4 posts - 1 through 4 (of 4 total)

Author

Posts
April 24, 2015 at 12:59 pm #434045

arnie-design
Participant

Hi

Just wondered if Enfold users need to be concerned with the issues regarding add_query_arg and remove_query_arg mentioned on Theme Forest and wordpress.org

Many thanks

April 24, 2015 at 9:23 pm #434451

Elliott
Inactive Moderator

Hey arnie-design!

Can you send us a link to these articles please?

Regards,
Elliott

April 24, 2015 at 10:37 pm #434491

arnie-design
Participant

Hi

Here is the Theme Forest one: http://marketblog.envato.com/news/wordpress-item-security-vulnerability/
The WordPress: page: https://make.wordpress.org/plugins/author/pento/
And a couple more reports:
https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
https://yoast.com/coordinated-security-release/

Kind regards
Mark

April 27, 2015 at 4:23 am #434973

Rikard
Keymaster

Hey Mark!

This is not really a problem for our themes. We only ship the TGM Plugin activation class with our framework which has been identified as not 100% secure and that will update the framework for all themes with the new class asap. To exploit the class you would need admin access anyways so the chance that something bad happens is really slim. All other instances of add_query_arg seem to be secure.

Regards,
Rikard
Author

Posts

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Follow us on Facebook

Kriesi13.000+ likes

Open facebook page

Join our Facebook community

Subscribe to our Newsletter