WooThemes released a security patch for their theme framework on 28 April 2012.
The vulnerability is related to a preview function that allows visitors to run, and see the output of, any shortcode used by your installed WooThemes theme. The vulnerability is now widely known (it was public before the theme developers were notified), which means that if you use a WooThemes theme, your site may be at risk.
Due to a massive server hack WooThemes suffered at this time, the automatic upgrade function within the WordPress dashboard also stopped working, so check your theme's version number. Anything before version 5.3.12 is at risk and should be updated immediately.
Also, make sure you upgrade all your themes – even the ones you're not using – but do remember that the only themes you need on a WordPress site are your current theme, any required parent theme (if it's a child theme), and at least one of the two that come installed with WordPress (Twenty Ten and Twenty Eleven). Everything else is an unnecessary security risk or just taking up disk space, so remove it.
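The keep-or-remove rule above can be applied to a themes directory with a short script. This is an added example, not code from the original post or from WooThemes. It assumes the standard WordPress layout (one directory per theme, each with a `style.css` whose header names a parent in `Template:`); the function names and the sample themes are constructed for illustration, and it does not check the framework version.

```python
import re
import tempfile
from pathlib import Path

# Directory slugs of the two bundled themes the post names; keep the first one found.
DEFAULT_THEMES = ("twentyeleven", "twentyten")
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Template):(.*)$", re.I | re.M)

def read_headers(theme_dir):
    """Parse the style.css comment header WordPress uses to describe a theme."""
    css = Path(theme_dir) / "style.css"
    if not css.is_file():
        return {}
    head = css.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for name, value in HEADER.findall(head):
        fields.setdefault(name.title(), value.strip())  # first match wins
    return fields

def audit_themes(themes_root, active_slug):
    """Return (keep, removable) lists of theme directory names."""
    installed = {d.name: read_headers(d) for d in Path(themes_root).iterdir() if d.is_dir()}
    if active_slug not in installed:
        raise ValueError(f"active theme {active_slug!r} is not installed")
    keep = {active_slug}
    parent = installed[active_slug].get("Template")
    if parent in installed:  # child theme: its parent must stay
        keep.add(parent)
    fallback = next((s for s in DEFAULT_THEMES if s in installed), None)
    if fallback:
        keep.add(fallback)
    return sorted(keep), sorted(set(installed) - keep)

def demo():
    """Run the audit over a constructed themes directory (sample data, not a real site)."""
    sample = {
        "example-parent": "Theme Name: Example Parent",
        "example-child": "Theme Name: Example Child\nTemplate: example-parent",
        "old-unused": "Theme Name: Old Unused",
        "twentyten": "Theme Name: Twenty Ten",
        "twentyeleven": "Theme Name: Twenty Eleven",
    }
    with tempfile.TemporaryDirectory() as root:
        for slug, header in sample.items():
            (Path(root) / slug).mkdir()
            (Path(root) / slug / "style.css").write_text(f"/*\n{header}\n*/\n", encoding="utf-8")
        return audit_themes(root, "example-child")

if __name__ == "__main__":
    keep, removable = demo()
    print("keep:     ", ", ".join(keep))
    print("removable:", ", ".join(removable))
```

On a real site, pass the path to `wp-content/themes` and the active theme's directory name to `audit_themes`, and review the removable list before deleting anything.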
More in-depth information about the exploit can be found at WooThemes.com.
What about you? Do you use WooThemes? Have you had any problems with your theme?





