[theme-reviewers] Security of themes (just top layer)

Mario Peshev mario at peshev.net
Sun Oct 9 04:45:55 UTC 2011

Hello Reviewers,

Someone on the mailing list mentioned the Atahualpa theme and I was just
reminded of an XSS attack disclosed for this theme -
https://sitewat.ch/en/Advisories/8 (originated from a Russian security site
- http://www.securitylab.ru/vulnerability/407851.php ). There are actually
lots of other themes reported out there.

The Russian one (not quite sure about the sitewat one) is, I believe, the
most popular security site in Russia (I don't live there, but I have followed
their sources for the past 5 years and have never seen any other good source).
Therefore, as expected, lots of other users with security knowledge observe
their advisories and could take advantage of some of the reports.

Is there any way to keep an eye on some top resources of vuln lists (or
create a list to review once a week) and report to the authors with a standard
mail, or add some text to the /extends that the theme needs an update? Since
some of the themes have tens of thousands of downloads, it could be
dangerous for most users.

It could even be an internal source for WP, but I don't know how wise it is to
report WP vulnerabilities on the WP site itself.

Any comments on that?

Mario Peshev
Training and Consulting Services @ DevriX