Home Forums WoodMart support forum CRITICAL VULNERABILITY in woodmart code

CRITICAL VULNERABILITY in woodmart code

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • May 26, 2023 at 5:55 pm #470350

    ToriTori38
    Participant

    There is a critical vulnerability in your woodmart core files. We need an urgent patch!

    Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/60f043e9-7947-4fff-a9a8-94a1f421db7c?source=plugin (opens in new tab)
    Vulnerability Severity: 9.8/10.0 (Critical)

    May 26, 2023 at 6:17 pm #470354

    socialholicwebmedia
    Participant

    hello Ddeveloper please check urgently it very serious issue

    https://www.wordfence.com/threat-intel/vulnerabilities/id/60f043e9-7947-4fff-a9a8-94a1f421db7c?source=plugin

    May 27, 2023 at 11:19 pm #470525

    Elise Noromit
    Member

    Hello,

    Please insert the site admin access into the Private content below the message area. We will take a closer look at the case.

    We will get back to your asap.

    Best Regards

    May 28, 2023 at 4:44 pm #470590

    ToriTori38
    Participant

    I have no need to insert the admin access as this is your template with the same files as you use on your test environment. So please just check your end and the report which I attached in previous post.

    May 28, 2023 at 9:58 pm #470606

    ToriTori38
    Participant

    Pleas read message in private area

    May 29, 2023 at 9:00 am #470666

    Artem Temos
    Keymaster

    Hello,

    Make sure that you are running the latest version of the theme. Also, the WoodMart core plugin needs to be updated to the latest version 1.0.39 too. You can do this in WoodMart -> Plugins.

    Kind Regards

    May 31, 2023 at 3:21 pm #471480

    ToriTori38
    Participant

    Hello,

    Both our sites running your theme were hacked due to your plugin vulnverability. We have traced it back to this through virus checkers. I have spent days trying to clear this up due to this vulnerability. What makes this worse is that you did not even notify your existing customers that your plugin was compromised, and it took you more than a day to reply after I first notified you.

    I now have a problem of a tracking link being loaded on our site which I need your help to remove. Details in private area.

    June 1, 2023 at 11:38 am #471745

    Artem Temos
    Keymaster

    Hello,

    We released the update with the fix before the vulnerability where publicly disclosed. An email about the update was sent by Envato. Unfortunately, we are not able to modify its content but we mentioned that this update is critically important in all our changelogs.

    Kind Regards

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)