- This topic has 1 reply, 2 contibutors, and was last updated 8 years, 6 months ago by
.
Question
Hi,
this i a mail from Envato dated Oct 10 :
We are getting in touch to let you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015).
We have been working with WP Bakery, the creators of Visual Composer, who have addressed all identified vulnerabilities and undertaken a code audit to ensure that it is as secure as possible. Theme authors whose items include Visual Composer have been instructed to make sure their items accommodate this upgrade. Items that include older versions of Visual Composer will be disabled from the market until this change is made.
The version available as a download in our member area is still the version 4.7.3
(from change.txt : 29.09.2015 – ver 4.7.3)How can this be ?
I own a couple of sites running VC…
Some of them were already scanned (I see the logs) by hackers…. 2 days ago.I urge you to propose the update and inform your customers !
Eric
Answers
@
Hi @ericheymans, I have submitted this to development team it will be updated shortly..
Thanks:)
Regards
Pallavi
- The question ‘Visual Composer multiple XSS vulnerabilities on versions prior to 4.7.4’ is closed to new replies.