Widespread WordPress Plugins and Themes Security Vulnerability

Discussion in 'Technical and Security Issues' started by Bforce, 25 Apr 2015.

Thread Status:
Not open for further replies.
  1. Bforce

    Bforce _ DWH Admin Web Hosting (Company)

    Messages:
    1,420
    Likes Received:
    305
    Trophy Points:
    83
    FYI, this is an email from Envato; it may be worth studying for anyone who is not yet aware of the latest developments.



    Hello ....,

    This is a general community announcement for all buyers of WordPress items to bring your attention to an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes available from ThemeForest and CodeCanyon, the wordpress.org website and other sources.

    This issue is not limited to themes and plugins purchased from ThemeForest or CodeCanyon. Anyone using a WordPress website, regardless of where the theme or plugin was sourced, needs to be aware of this and take immediate action to ensure it is secure.

    What should I do?
    As there is no simple way of knowing exactly which plugins or themes are affected, and the issue is widespread, our best advice is to periodically check for updates to any WordPress themes or plugins you are using and apply those available as soon as possible.

    Envato is actively working with all ThemeForest and CodeCanyon authors, explaining the issue and asking them to check that their items are secure and to update them if necessary.

    We expect ThemeForest and CodeCanyon items to be continuously updated over the coming weeks, with the majority updated in the next few days. Updates may be downloaded from the Downloads page as they become available. If you would like to be automatically notified about new updates, please activate "Item update notifications" in your email settings.

    For updates to items obtained from other sources, please check the Plugins and Themes pages in the WordPress Admin area or contact the source of the product.

    We strongly recommend continuing to check for updates, especially over the next few weeks, but also on an ongoing basis. It is important to always keep your WordPress installation and associated plugins and themes up to date. If you still have concerns, we suggest engaging an experienced WordPress developer to check whether your site is affected.

    More details are available via the following links:
    Kind Regards,

    Envato Support
     
  2. jaapns

    jaapns Hosting Guru Web Hosting

    Messages:
    3,261
    Likes Received:
    443
    Trophy Points:
    83
    Got it, heading straight to the scene to check and recheck; several plugins are on the list...
     
  3. SulisSoft

    SulisSoft Hosting Guru Web Hosting

    Messages:
    1,265
    Likes Received:
    361
    Trophy Points:
    83
    Heading over too :crutch:
     
  4. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Messages:
    3,340
    Likes Received:
    326
    Trophy Points:
    83
    Wow, it feels like pretty much everyone uses those 4 plugins from the top. Time to update!
     
  5. mustafaramadhan

    mustafaramadhan Hosting Guru

    Messages:
    3,237
    Likes Received:
    857
    Trophy Points:
    113
    My must-have plugin is Wordfence. You will get an email if there is an update or a warning from Wordfence.
     
  6. atria

    atria Apprentice 1.0

    Messages:
    243
    Likes Received:
    12
    Trophy Points:
    18
    Uh-oh...... Need to update right away.... :110:
     
  7. Yadi123

    Yadi123 Poster 1.0

    Messages:
    68
    Likes Received:
    2
    Trophy Points:
    8
    I need to learn for my web security, nice post Mr.
     
    atria likes this.