Envato Market Security Notice: Visual Composer

davidbowen2014

"We are getting in touch to let you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin (http://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431) versions prior to 4.7.4 (releases prior to October 2, 2015). "

Will you be updating BeTheme to include the new build of VC?

Albert

VC has been updated on Monday what means recent version is included into theme package.

Learn more: Video Tutorials | How To | FAQ Vote on what comes next

davidbowen2014

Does updating the theme also update VC?

Albert

No, unfortunately not. All plugins must be updated themselves. All details about VC update you can read on http://forum.muffingroup.com/betheme/discussion/1155/wp-bakery-visual-composer-with-be-theme-how-to-update-visual-composer-plugin

Thanks!

Learn more: Video Tutorials | How To | FAQ Vote on what comes next

8web

Hi - question about the Visual Composer plugin vulnerability. IF I HAVE NOT INSTALLED the plugin from the pre-packaged plugins - am I still vulnerable / have to update? (BE Theme)

Albert

It just depends what version you got. If you got the latest one, then all is fine and you don't need to update anything.

Learn more: Video Tutorials | How To | FAQ Vote on what comes next

8web

Hi. That does not quite answer my question. I am confused about what a "pre-packaged" plugin means? IF I have not installed the plugin - but the zip file is  of course sitting within the files. Is the site vulnerable in that case? Many thanks.

Albert

No, it is not vulnerable. Plugins must be updated if you got them installed. But if you did not installed them, you don't need to update plugins. Pre-packaged means thatplugins are bundled into theme package and you can find them under betheme.zip/plugins folder.

Learn more: Video Tutorials | How To | FAQ Vote on what comes next