Hi Guys,
I got the following security report from Zerocopter for three websites running Enfold. I am not sure this is a real security risk for the use of Enfold?
It works the same as is described in the article below but for an unclaimed theme, like here: https://wordpress.org/themes/enfold/
https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
It is called the WP theme confusion attack. I can send you all of the information but then I need to be able to upload the images they sent me.
Please let me know what you think and whether you need additional information. Thanks Rob
Hi Rob,
Thanks for contacting us!
We have checked the article you have shared and do not think it is a security risk for Enfold and for themes in general. More information does not hurt so please feel free to upload the screenshots on imgur.com and post the links here so we can check them as well :)
Regards,
Yigit
Hi Yigit,
Thanks, I don’t think it is an issue either because Enfold isn’t a custom theme. The only risk I see is that someone could claim the name Enfold on wordpress.org and use that name somehow to mislead people. So I wondered whether you have claimed it is a trademark on wordpress.org.
See images below for the rest of the info.
Hi,
Thanks!
I think so too, but as also mentioned in the screenshot you shared, the WordPress team does not accept themes to their repository when the theme name is the same as or similar to an existing theme. Enfold is not on the WP repository, but considering its popularity, I am pretty sure the WP team would never accept a free theme with the same name :)
Regards,
Yigit
Ok thanks, better to check it and be on the safe side with these kinds of things. Have a good day. Rob