WP Security: 2 premium theme vulnerabilities in February 2018

To keep your WordPress site secure, stay informed about the latest vulnerabilities in WordPress themes:

  1. Enfold Theme
    • Rewrite Portfolio Permalink Structure & Information Disclosure, reported by Dan Benton (https://www.dogsbodytechnology.com/). The changelog describes two security fixes: a security issue that would allow an attacker to export your enfold [theme] settings, and a security issue that allowed an attacker to rewrite the portfolio permalink structure.
      • Update immediately to version 4.2.1 to fix the vulnerability.
  2. Swape Theme
    • Authentication Bypass and Stored XSS, reported by Aaron (https://mobile.twitter.com/BernsteinA). The theme suffers from a privilege escalation vulnerability that any user can trigger because of weak permission checks. An attacker can update options, such as the default user role, the registration state and others, which may lead to executing commands/code on the server and taking over the website.
      • Update immediately to version 1.2.1 to fix the vulnerability.
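
A post-update check, added here as an example (not code from either theme or from the original post): it takes theme data in the shape of `wp theme list --format=json` output plus the values of the WordPress `default_role` and `users_can_register` options, and flags installs below the fixed versions as well as the option changes described for Swape. The theme slugs `enfold` and `swape` and the sample data are assumptions.

```python
import json

# Fixed versions as stated in the post; the theme slugs are assumed.
FIXED = {"enfold": (4, 2, 1), "swape": (1, 2, 1)}


def parse_version(text):
    """Turn '4.2' or '4.2.1' into a 3-part tuple; non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(themes_json, options):
    """Return findings for outdated themes and changed registration options."""
    findings = []
    for theme in json.loads(themes_json):
        fixed = FIXED.get(theme["name"].lower())
        if fixed and parse_version(theme["version"]) < fixed:
            findings.append("%s %s is below fixed version %s" % (
                theme["name"], theme["version"], ".".join(map(str, fixed))))
    # WordPress ships with default_role = subscriber; anything else needs review,
    # because updating the theme does not undo options changed before the update.
    role = options.get("default_role", "subscriber")
    if role != "subscriber":
        findings.append("default_role is '%s', review it" % role)
        if str(options.get("users_can_register", "0")) == "1":
            findings.append("open registration grants '%s' to new accounts" % role)
    return findings


# Constructed sample data (not taken from a real site).
SAMPLE_THEMES = json.dumps([
    {"name": "enfold", "status": "active", "version": "4.2"},
    {"name": "swape", "status": "inactive", "version": "1.2.1"},
])
SAMPLE_OPTIONS = {"default_role": "administrator", "users_can_register": "1"}

if __name__ == "__main__":
    for line in audit(SAMPLE_THEMES, SAMPLE_OPTIONS):
        print("FINDING:", line)
```

If the option check reports anything on a site that ran a vulnerable Swape version, also review the user list for accounts created while the setting was in place.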

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
