[theme-reviewers] Security of themes (just top layer)

Emil Uzelac emil at themeid.com
Sun Oct 9 05:05:24 UTC 2011


Yes, but this was fixed in 3.6.8
http://themes.svn.wordpress.org/atahualpa/3.6.8/_3.6.8.changelog.txt and the
current version is 3.7.1 http://wordpress.org/extend/themes/atahualpa

Emil

*----*
*Emil Uzelac* | ThemeID | T: 224-444-0006 | Twitter: @EmilUzelac | E:
emil at themeid.com | http://themeid.com
Make everything as simple as possible, but not simpler. - Albert Einstein



On Sat, Oct 8, 2011 at 11:45 PM, Mario Peshev <mario at peshev.net> wrote:

> Hello Reviewers,
>
> Someone in the mailing list mentioned Atahualpa theme and I just reminded
> myself about an XSS attack revealed to this theme -
> https://sitewat.ch/en/Advisories/8 (originated from a Russian security
> site - http://www.securitylab.ru/vulnerability/407851.php ). There are
> actually lots of other themes reported out there.
>
> The Russian one (not quite sure about the sitewat one) is, I believe, the
> most popular site about security in Russia (I don't live there, but I have
> followed their sources for the past 5 years and have never seen any other
> good source). Therefore, as expected, lots of other users with security
> knowledge observe their advisories and could take advantage of some of the
> reports.
>
> Is there any way to keep an eye on some top resources of vuln lists (or
> create a list to review once a week) and report to the authors with a
> standard mail or by adding some text to the /extends that the theme needs
> an update? Since
> some of the themes have tens of thousands of downloads, it could be
> dangerous for most users.
>
> It could even be an internal source for WP, but I don't know how wise it is
> to report WP vulnerabilities on the WP site itself.
>
> Any comments on that?
>
> Mario Peshev
> Training and Consulting Services @ DevriX
> http://www.linkedin.com/in/mpeshev
> http://peshev.net/blog
>
>