For your WP Security, be informed about the latest vulnerabilities in WordPress themes:
- Enfold Theme
- Rewrite Portfolio Permalink Structure & Information Disclosure reported by Dan Benton https://www.dogsbodytechnology.com/. The changelog describes two security fixes: a security issue that would allow an attacker to export your enfold [theme] settings AND a security issue that allowed an attacker to rewrite the portfolio permalink structure.
- immediately update to version 4.2.1 to fix vulnerability
- Swape Theme
- Authentication Bypass and Stored XSS reported by Aaron https://mobile.twitter.com/BernsteinA. The theme suffers from a privilege escalation vulnerability, any user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user’s default role, registration state and others, which may lead to executing commands/code on the server and taking over the website.
- immediately update to version 1.2.1 to fix vulnerability