WPSecurityLock – Malware removal & WordPress security services

WooThemes Security Patch – Critical Update

May 1, 2012 By Regina Smola 1 Comment

WooThemes released a security patch today for their theme framework. The vulnerability is related to a preview function and allows visitors to run and to see the output of any shortcodes used by your theme. Unfortunately, the vulnerability is now widely known (having been published on the Internet before the theme developers were notified), which means every site using WooThemes is at risk. 

Further compounding the issue is the fact that WooThemes suffered a massive server hack which, while it does not pose any direct threat to users of their themes, did cause the automatic upgrade function within the WordPress dashboard to stop working. That means you can’t rely on a dashboard notification to let you know when it’s time to upgrade. Instead, you’ll need to check your version number. Anything before version 5.3.12 is at risk and should be updated immediately.

If you don’t have the upgrade button on your dashboard, you’ll need to update your theme manually. You can find the instructions here.

Make sure you upgrade all your themes – even the ones you’re not using – because this vulnerability can be exploited even in an inactive theme. Actually, now might be a really good time to just get rid of those themes you’re not using. The only themes you need on a WordPress site are your current theme, any required parent theme, and at least one of the two that come installed with WordPress (Twenty Ten and Twenty Eleven). Everything else is an unnecessary security risk.
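The version check described above, as an added example that is not part of the original post and not WooThemes' code: it walks every theme directory, active or not, and flags any version before 5.3.12, comparing numerically because a plain string comparison ranks 5.3.9 above 5.3.12. The file name and regex that locate the version are caller-supplied assumptions, and the demo runs on a constructed directory with made-up names.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 3, 12)  # first patched version, per the post

def parse_version(text):
    """'5.3.9' -> (5, 3, 9); numeric tuples order correctly, strings do not."""
    return tuple(int(part) for part in re.findall(r"\d+", text))

def audit_themes(themes_root, version_file, pattern):
    """Check every theme directory under themes_root, active or inactive.

    version_file: path inside each theme that records the version (assumption,
                  supplied by the caller for their own install).
    pattern:      regex with one group capturing the dotted version string.
    """
    results = {}
    for theme in sorted(Path(themes_root).iterdir()):
        if not theme.is_dir():
            continue
        candidate = theme / version_file
        if not candidate.is_file():
            results[theme.name] = "no framework file found"
            continue
        match = re.search(pattern, candidate.read_text(errors="replace"))
        if match is None:
            results[theme.name] = "version not readable, check manually"
        elif parse_version(match.group(1)) < FIXED:
            results[theme.name] = "VULNERABLE (%s)" % match.group(1)
        else:
            results[theme.name] = "ok (%s)" % match.group(1)
    return results

def demo():
    """Audit a constructed themes directory; every name here is made up."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"active-theme": "5.3.12", "old-unused-theme": "5.3.9",
                   "newer-theme": "5.10.0"}
        for name, version in samples.items():
            path = Path(root, name, "version.txt")
            path.parent.mkdir(parents=True)
            path.write_text("framework_version = '%s'\n" % version)
        Path(root, "twentyeleven").mkdir()  # theme without the framework
        return audit_themes(root, "version.txt", r"framework_version = '([\d.]+)'")

if __name__ == "__main__":
    for theme, status in demo().items():
        print("%-20s %s" % (theme, status))
```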

Perhaps the most concerning thing about this whole incident is that this vulnerability was discovered on April 23, and users were not notified until today. Seven days is a long time to let your customers' sites remain open to attack. Shame on WooThemes for not being more proactive.

More information about the exploit can be found at WooThemes.com.

What about you? Do you use WooThemes? Have you upgraded yet? Let us know how the upgrade process went for you.

Filed Under: Bugs & Vulnerabilities

Comments

  1. Kris Olin says

    May 1, 2012 at 7:44 pm

    I just updated my framework. Thanks for the tip! WOO still rules!

Copyright © 2025 | WP Security Lock, Inc