When you buy items on Themeforest and CodeCanyon - WordPress Tavern
Early this week, one of the biggest coordinated efforts between WordPress plugin authors, Sucuri and the WordPress security team resulted in a number of popular plugins receiving security updates. As a result of imprecise information in the WordPress code, some developers incorrectly assumed that the add_query_arg() and remove_query_arg() functions would escape user input correctly.
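One way a vendor could look for the pattern described above, as an added example that is not from the original article, Envato or WordPress: a heuristic Python scanner that flags add_query_arg() and remove_query_arg() calls whose result is not passed through esc_url() or esc_url_raw() in the same statement. Those two escaping helpers are standard WordPress functions that the article does not name; the PHP sample is constructed, and `find_unescaped_calls` and `SAMPLE` are hypothetical names.

```python
import re

# Functions named in the article.
CALL = re.compile(r'\b(add_query_arg|remove_query_arg)\s*\(')
# Assumption: WordPress URL-escaping helpers; the article does not name them.
ESCAPER = re.compile(r'\b(esc_url|esc_url_raw)\s*\(')

# Constructed sample, not taken from any real theme or plugin.
SAMPLE = '''<?php
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
$url = remove_query_arg( 'updated' );
wp_safe_redirect( esc_url_raw( remove_query_arg( 'updated' ) ) );
echo esc_url( home_url() ) . add_query_arg( 'page', 2 );
'''


def _still_open(text, start):
    """True if the '(' at text[start] has no matching ')' before the end of text."""
    depth = 0
    for ch in text[start:]:
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth == 0:
                return False
    return True


def find_unescaped_calls(php_source):
    """Return (line, function) pairs to review by hand. Heuristic: it does not
    parse PHP, so parentheses or ';' inside string literals can mislead it."""
    findings = []
    for m in CALL.finditer(php_source):
        # Look only at the current statement, back to the previous ';'.
        stmt_start = php_source.rfind(';', 0, m.start()) + 1
        prefix = php_source[stmt_start:m.start()]
        wrapped = any(_still_open(prefix, e.end() - 1)
                      for e in ESCAPER.finditer(prefix))
        if not wrapped:
            line = php_source.count('\n', 0, m.start()) + 1
            findings.append((line, m.group(1)))
    return findings


if __name__ == '__main__':
    for line, func in find_unescaped_calls(SAMPLE):
        print(f'line {line}: {func}() result is not escaped in this statement')
```

A flagged line is a prompt for manual review, not proof of a flaw: a value assigned to a variable, as on line 4 of the sample, may still be escaped where it is finally output.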
Combined, Themeforest and CodeCanyon sell nearly 8K WordPress items. Stephen Cronin, Quality Team Leader for Themeforest and CodeCanyon, has posted an official forum post describing the issue and how vendors can search for it in their items. If items that you sell use the following code, they are likely to be affected.
TGM Plugin Activation is a PHP library developed and maintained by Thomas Griffin and Gary Jones that allows developers to require or recommend plugins for themes and plugins. It enables end users to install, and even automatically activate, plugins individually or in bulk using native WordPress classes, functions and interfaces.
Vendors should check their code and follow the guidelines posted on the Make WordPress Plugins site. An XSS vulnerability was discovered during the audit of the TGM Plugin Activation class. TGM Plugin Activation has since been updated, although the version number has not been changed. If you are a seller using this class, you must update to the latest TGM Plugin Activation release and update your item.
From now on there will be an upgrade that ignores these features that you should add to your item, but you should not delay updating your items while you wait for that upgrade. A number of dubious areas within the topic will be addressed by the review staff after they have been clarified.
Theme authors who have bundled affected third-party plugins will be contacted by Envato in the next few weeks to have their themes updated. It is recommended to review bundled plugins before then to see if they are affected. Cronin says that all WordPress items are being reviewed. As soon as the review is completed, purchasers who have bought an affected product will be informed.
There is no timeframe for when the review will be complete, but Cronin says it is a top priority and progress updates will be posted in this forum thread. In contrast to the WordPress.org plugin directory, Themeforest and CodeCanyon only offer purchasers updates and notify them when they sign up for the update system.
It is not an optimal update experience to require purchasers to choose to opt out. It is also important that the channels of communication between the marketplaces and the purchasers stay open so that they can keep the items they buy updated as quickly as possible. If you do business with Themeforest or CodeCanyon, look out for updates to the items you have bought.