WP Security: 2 premium theme vulnerabilities in February 2018
For your WP security, stay informed about the latest vulnerabilities in WordPress themes:
- Enfold Theme
  - Rewrite Portfolio Permalink Structure & Information Disclosure, reported by Dan Benton (https://www.dogsbodytechnology.com). The changelog describes two security fixes: a security issue that would allow an attacker to export your enfold [theme] settings, and a security issue that allowed an attacker to rewrite the portfolio permalink structure.
  - Update immediately to version 4.2.1 to fix the vulnerability.
- Swape Theme
  - Authentication Bypass and Stored XSS, reported by Aaron (https://www.twitter.com/BernsteinA). The theme suffers from a privilege escalation vulnerability: because of weak permissions checking, any user can trigger it. An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on the server and taking over the website.
  - Update immediately to version 1.2.1 to fix the vulnerability.
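To check an installation against the two fixed versions listed above, the following added example (not code from either theme or from the original page) reads the `style.css` header of each installed theme and flags versions older than the fix. It assumes the themes declare `Theme Name: Enfold` and `Theme Name: Swape` in that header; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

# Fixed versions are taken from the advisory above; matching on the
# "Theme Name" header values "Enfold" and "Swape" is an assumption.
FIXED = {"enfold": (4, 2, 1), "swape": (1, 2, 1)}
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):(.*)$", re.I | re.M)

# Constructed sample header, not copied from a real theme file.
SAMPLE = "/*\nTheme Name: Enfold\nVersion: 4.2\n*/\n"


def parse_header(css_text):
    """Return (name, version) from a WordPress style.css header comment."""
    fields = {}
    # WordPress itself only reads the first 8 KB of the file for headers.
    for key, value in HEADER.findall(css_text[:8192]):
        fields.setdefault(key.lower(), value.strip().rstrip("*/").strip())
    return fields.get("theme name"), fields.get("version")


def version_tuple(version):
    """Turn '4.2' into (4, 2, 0) so that 4.2 sorts below 4.2.1."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def status(css_text):
    """Classify one theme header against the advisory's fixed versions."""
    name, version = parse_header(css_text)
    fixed = FIXED.get((name or "").lower())
    if fixed is None:
        return "not-listed"
    if not version:
        return "unknown-version"  # treat as suspect and check by hand
    return "ok" if version_tuple(version) >= fixed else "update-required"


def scan(themes_dir):
    """Map each theme folder under wp-content/themes to its status."""
    return {css.parent.name: status(css.read_text(errors="replace"))
            for css in sorted(Path(themes_dir).glob("*/style.css"))}


if __name__ == "__main__":
    for theme, result in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{theme}: {result}")
```

Run it with the path to `wp-content/themes` as the only argument; any theme reported as `update-required` or `unknown-version` needs attention.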
Protect your WordPress!
BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business.