Visual Composer multiple XSS vulnerabilities on versions prior to 4.7.4

Viewing 2 posts - 1 through 2 (of 2 total)
  • Question

    #48490
    @ericheymans

    Hi,

    This is a mail from Envato dated Oct 10:

    We are getting in touch to let you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015).

    We have been working with WP Bakery, the creators of Visual Composer, who have addressed all identified vulnerabilities and undertaken a code audit to ensure that it is as secure as possible. Theme authors whose items include Visual Composer have been instructed to make sure their items accommodate this upgrade. Items that include older versions of Visual Composer will be disabled from the market until this change is made.

    The version available as a download in our member area is still version 4.7.3
    (from change.txt: 29.09.2015 – ver 4.7.3)

    How can this be?

    I own a couple of sites running VC…
    Some of them were already scanned (I see the logs) by hackers… 2 days ago.

    I urge you to propose the update and inform your customers!

    Eric

    Answers

    #48497

    Anonymous

    Hi @ericheymans, I have submitted this to the development team; it will be updated shortly.

    Thanks :)

    Regards
    Pallavi

  • The question ‘Visual Composer multiple XSS vulnerabilities on versions prior to 4.7.4’ is closed to new replies.