<font color="#333333"><font size="2"><font face="arial,helvetica,sans-serif">Yes, but this was fixed in 3.6.8 <a href="http://themes.svn.wordpress.org/atahualpa/3.6.8/_3.6.8.changelog.txt">http://themes.svn.wordpress.org/atahualpa/3.6.8/_3.6.8.changelog.txt</a> and the current version is 3.7.1 <a href="http://wordpress.org/extend/themes/atahualpa">http://wordpress.org/extend/themes/atahualpa</a></font></font></font><div>
<font color="#333333"><font size="2"><font face="arial,helvetica,sans-serif"><br></font></font></font></div><div><font color="#333333"><font size="2"><font face="arial,helvetica,sans-serif">Emil</font></font></font></div>
<div><font color="#333333"><font size="2"><font face="arial,helvetica,sans-serif"><br clear="all"></font></font></font><div><strong><font face="arial, helvetica, sans-serif">----</font></strong></div><div><font face="arial, helvetica, sans-serif"><strong>Emil Uzelac</strong> | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E: <a href="mailto:emil@themeid.com" target="_blank">emil@themeid.com</a> | <a href="http://themeid.com/" target="_blank">http://themeid.com</a></font></div>
<div><font color="#999999" face="arial, helvetica, sans-serif">Make everything as simple as possible, but not simpler. - Albert Einstein</font></div><br>
<br><br><div class="gmail_quote">On Sat, Oct 8, 2011 at 11:45 PM, Mario Peshev <span dir="ltr"><<a href="mailto:mario@peshev.net">mario@peshev.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div dir="ltr">Hello Reviewers,<div><br></div><div>Someone in the mailing list mentioned Atahualpa theme and I just reminded myself about a XSS attack revealed to this theme - <a href="https://sitewat.ch/en/Advisories/8" target="_blank">https://sitewat.ch/en/Advisories/8</a> (originated from a Russian security site - <a href="http://www.securitylab.ru/vulnerability/407851.php" target="_blank">http://www.securitylab.ru/vulnerability/407851.php</a> ). There are actually lots of other themes reported out there.</div>
<div><br>The Russian (not quite sure about the sitewat one) is the most popular site about security I believe in Russia (I don't live there, but I follow their sources for the past 5 years and never seen any other good source). Therefore as expected lots of other users with a security knowledge observe their advisories and could take advantage of some of the reports.</div>
<div><br>Is there any way to keep an eye to some top resources of vuln lists (or create a list to review once a week) and report the authors with a standard mail or adding some text to the /extends that the theme needs update? Since some of the themes have tens of thousands of downloads, it could be dangerous for most users.</div>
<div><br>It could be even an internal source for WP, but I don't know how wise is to report WP vulnerabilities on the WP site itself.</div><div><br>Any comments on that?<br clear="all"><font color="#888888"><div dir="ltr">
<br>Mario Peshev<br>
Training and Consulting Services @ DevriX<div><a href="http://www.linkedin.com/in/mpeshev" target="_blank">http://www.linkedin.com/in/mpeshev</a><br><a href="http://peshev.net/blog" target="_blank">http://peshev.net/blog</a><br>
</div></div><br>
</font></div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>