I got this message:
XSS vulnerability in WordPress themes by Kriesi
According to my tests, the following premium WordPress themes by Kriesi are affected by a reflected Cross-site Scripting (XSS) vulnerability:
Abundance – 1,952 sales
Eunoia – 378 sales
Choices – 1,248 sales
Brightbox – 892 sales
Broadscope – 1,039 sales
Corona – 1,712 sales
Flashlight – 2,956 sales
Coalition – 1,079 sales
Shoutbox – 988 sales
Velvet – 600 sales
Upscale – 346 sales
Expose – 473 sales
Propulsion – 2,133 sales (added 30-Oct)
Sentence – 712 sales (added 30-Oct)
Sales figures are based on Themeforest statistics. Over 16,000 web sites could be affected.
Developer status: notified initially on 5th of October
Latest developer response (24-Oct): rolling out fixes in the near future.
Developer home page: http://kriesi.at/
Official support forum: https://kriesi.at/support/
Kriesi updated Choices today (version 1.6) and this update already takes care of the XSS vulnerability. Other theme updates (e.g. for Flashlight) will be released today, this week or next week.