Viewing 4 posts - 1 through 4 (of 4 total)

    I got this message:

    XSS vulnerability in WordPress themes by Kriesi

    According to my tests, the following premium WordPress themes by Kriesi are affected by a reflected Cross-site Scripting (XSS) vulnerability:

    Abundance – 1,952 sales

    Eunoia – 378 sales

    Choices – 1,248 sales

    Brightbox – 892 sales

    Broadscope – 1,039 sales

    Corona – 1,712 sales

    Flashlight – 2,956 sales

    Coalition – 1,079 sales

    Shoutbox – 988 sales

    Velvet – 600 sales

    Upscale – 346 sales

    Expose – 473 sales

    Propulsion – 2,133 sales (added 30-Oct)

    Sentence – 712 sales (added 30-Oct)

    Sales figures are based on Themeforest statistics. Over 16,000 web sites could be affected.

    Developer status: notified initially on 5th of October

    Latest developer response (24-Oct): rolling out fixes in the near future.

    Developer home page:

    Official support forum:

    What about?


    It’s an important issue



    Kriesi updated Choices today (version 1.6) and this update already takes care of the XSS vulnerability. Other theme updates (e.g. for Flashlight) will be released today, this week or next week.

    Best regards,



    Hey! We got multiple updates in the pipeline already that only wait for Themeforest approval. During the next few days we will check each of the mentioned themes and upload the fix if necessary :)

    Flashlight update should be approved within the next few hours

    Best regards



The topic ‘xss’ is closed to new replies.