[theme-reviewers] Security issues in MesoColumn

Chip Bennett chip at chipbennett.net
Sun Oct 27 13:58:33 UTC 2013


Theme has been suspended, due to these and other issues with Theme Options
not conforming to Guidelines.


On Sun, Oct 27, 2013 at 9:44 AM, Joe Hoyle <joehoyle at gmail.com> wrote:

> Hey,
>
> I was reviewing http://themes.trac.wordpress.org/ticket/14989 and decided
> to check out the whole theme for a review. Without being too specific, the
> theme does not sanitize any options that are saved through its Theme
> Options pane, allows SQL injection and possible XSS. I was going to put the
> details on the ticket, however as this theme is already live I didn’t want
> to disclose it in detail there.
>
> I have a more in-detail report if a member of the team wants to proceed
> (however that may work).
>
> Thanks
> --
> Joe Hoyle