WordPress Security Report of Theme Vulnerabilities and Security Fixes
On June 19, 2012, I checked security on the following themes reported with security vulnerabilities.
Important! When a theme is cracked, the bad guys unfortunately boast about it online, which can lead to attacks on the sites using it. I check for new threats daily and have made it my mission to help you keep your WordPress site safe.
This information is not to put you into panic mode. I do this research and share it with you to make you aware of any security issues so you can protect your website(s).
Also note that all themes listed at WordPress.org must meet strict guidelines before they are listed at their repository.
Themes are required to implement Theme settings properly, to ensure proper data security, and to ensure end user privacy.
Source: http://codex.wordpress.org/Theme_Review#Security_and_Privacy
The WordPress Theme Review Team acts very quickly when a theme vulnerability is discovered. They remove public access and contact the theme developer right away.
For WordPress security, please review the WordPress themes below to see if they have been removed from WordPress.org, pending a security update or if a security fix is available.
- Deep Blue
Threat: Arbitrary File Upload Vulnerability in Version 1.9.2
Reported: 06/17/2012
Status: Removed from the WordPress.org repository
Old URL: http://wordpress.org/extend/themes/deep-blue
Trac: http://themes.trac.wordpress.org/log/deep-blue/ (last update 10/14/2011)
Note: A premium version is available at the developer's website. I have no information if the pro version is affected.
- Famous
Threat: Arbitrary File Upload Vulnerability in Version 2.0.5
Reported: 06/17/2012
Status: Removed from the WordPress.org repository
Old URL: http://wordpress.org/extend/themes/famous
Trac: http://themes.trac.wordpress.org/log/famous/ (last update 12/16/2011)
Note: A premium version is available at the developer's website. I have no information if the pro version is affected.
- Photocrati (Premium Theme)
Threat: Remote File Upload Vulnerability (Version not available)
Reported: 06/13/2012
Status: Unknown. I emailed the developer June 16, 2012 and have not received a response.
URL: http://photocrati.com
Changelog: http://members.photocrati.com/developers-corner/ (last update 12/18/2011)
Note: The affected version is not published. Please check with the developer if you use this theme.
What to do if your theme is listed above with “Status: Unknown…”
Important! For better WordPress security, you should deactivate the theme immediately and remove it from your site until a security fix has been released. Leaving a vulnerable theme on your server (active or inactive) still poses a security risk. You should switch to a default WordPress theme from within your Dashboard and contact the developer.
What to do if the theme you're using is listed as “Status: Removed from the WordPress.org repository”?
Important! For WordPress security, you should deactivate and remove the theme immediately until a security update is available or find a replacement.
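Because an inactive copy left on the server is still a risk, here is an added example (not part of the original report) that checks every directory under `wp-content/themes` against the Deep Blue and Famous entries above. It assumes the theme directory name matches the slug in the Old URL lines; the function names are hypothetical, and the sample tree in `demo()`, including its version numbers, is constructed.

```python
import re
import tempfile
from pathlib import Path

# From the report above: theme slug (from the "Old URL" lines) -> affected version.
# Photocrati is left out: the page gives no directory name or affected version for it.
ADVISORY = {"deep-blue": "1.9.2", "famous": "2.0.5"}
# WordPress reads theme metadata from the comment header at the top of style.css.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)

def theme_version(theme_dir):
    """Return the Version header from a theme's style.css, or None if unreadable."""
    css = Path(theme_dir) / "style.css"
    if not css.is_file():
        return None
    # Only the first 8 KiB is inspected, as WordPress does for file headers.
    head = css.read_bytes()[:8192].decode("utf-8", errors="replace")
    match = VERSION_RE.search(head)
    return match.group(1) if match else None

def audit_themes(themes_root):
    """Check every theme directory on disk, active or inactive, against ADVISORY."""
    findings = []
    for theme_dir in sorted(Path(themes_root).iterdir()):
        slug = theme_dir.name.lower()
        if not theme_dir.is_dir() or slug not in ADVISORY:
            continue
        installed = theme_version(theme_dir)
        if installed == ADVISORY[slug]:
            status = "AFFECTED"
        elif installed is None:
            status = "UNKNOWN-VERSION"  # cannot rule it out: handle as affected
        else:
            status = "OTHER-VERSION"    # listed theme; confirm it is a fixed release
        findings.append((slug, installed, status))
    return findings

def demo():
    """Run the audit over a constructed wp-content/themes tree (sample data)."""
    with tempfile.TemporaryDirectory() as root:
        sample = {"deep-blue": "1.9.2", "famous": "2.0.6", "twentyeleven": "1.3"}
        for slug, version in sample.items():
            (Path(root) / slug).mkdir()
            header = f"/*\nTheme Name: {slug}\nVersion: {version}\n*/\n"
            (Path(root) / slug / "style.css").write_text(header)
        return audit_themes(root)

if __name__ == "__main__":
    print(demo())
```

On a real site, call `audit_themes()` with the path to your own `wp-content/themes` directory; any row it returns is a theme to remove or confirm with the developer.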
Will a removed free theme get re-listed on WordPress.org?
For your protection WordPress.org removes the theme link until the developer has fixed any security issues. Once the vulnerability is fixed and reviewed by WordPress.org, the theme might get re-listed.
Note: Many times, third-party theme developers are actively working on a security fix. To check the status of any theme development and/or updates, click on the “Trac” or Changelog links above or copy and paste the Old URL to see if the theme has been re-listed. If it is re-listed, it is safe to use the latest theme version.
LEAVE YOUR FEEDBACK
Have a question about the security of these WordPress themes? Need to report a theme vulnerability, or have you found a theme that has been removed from the WordPress.org repository? Please let us know. Leave your comment below.
P.S. I spend hours on these reports to help you stay safe. Please help other WordPress users as well by sharing this post using the buttons below.