-
Posts
-
Hi,
We have a client who we used your theme for their website. They are getting a Vault Press messages about vulnerabilities today (August 12. 2014). The latest theme is in place at this website.
1. “The shortcode preview functionality that was in the WooFramework’s bundled shortcode generator (the neat popup used to add shortcodes to posts and pages with a point-and-click interface)…allowed users to generate shortcodes using the preview window’s file, without authenticating the user.”
http://www.woothemes.com/2012/04/framework-shortcode-exploit-has-been-fixed/2. A file called “function-set-avia-ajax.php” included in the theme represents an unspecified vulnerability.
Not sure what we should do on our end or to tell the client.
I noticed there was a update in May about this so I didn’t know if this was something new or something with Vault Press….Could you advise?
Thank you for your help!Hey Webtechyartist!
The last time there was this issue Kriesi dug into it and it turned out that it was false flagging the issue though there was a secondary layer of security added just to placate the VaultPress plugin.
Not sure what the second issue is however but its the first we’ve ever been notified about something like it. Generally the whole theme has had a security audit for vulnerabilities and I’ll flag the topic for Kriesi to take a look at.
If there is anything else as part of the error or if you can check with them on what its specifically referring to we can take that into account as well.
Cheers!
DevinOk….I’ve sent email to the client so hopefully I can get more info on the second issue. When I do I’ll post what I receive.
Thank you for responding! I appreciate it.
- The topic ‘Vault Press Security Messages’ is closed to new replies.