Critical Security Vulnerability in Woodmart Core

Hello Xtemos Team,

My website’s security plugin uncovered a “critical” security vulnerability with the Woodmart Core plugin. Are there any plans to fix this in the immediate future?

Attachments:

You must be logged in to view attached files.

Hello,

This bug has been already fixed in our theme. Make sure that you are running the latest version of the theme. Also, the WoodMart core plugin needs to be updated to the latest version 1.0.39 too. You can do this in WoodMart -> Plugins.

Best Regards.

Apologies but we’re not seeing where to update. And Woodmart never prompted us for an update… Can you please point us in the right direction?

Attachments:

You must be logged in to view attached files.

We think we found the issue… we have cron jobs disabled in wp-cron because of the huge load it puts on the server. We have scheduled server side cron jobs set instead. Looks like Woodmart doesn’t check for server cron jobs which is why we’re not being notified of updates to the theme/core. We were able to manually update the theme and core for now.

Is there anyway to enable the ability to check the cron events and not the wp events?

Hello,

The latest version of the Theme running is 7.2.4 and the Core version running is 1.0.39. And the WPCron system is not connected to the theme. It is a WordPress functionality and doesn’t depend on WoodMart. Do you have any issues with our theme in this situation?

Best Regards.

[Author]

Posts