Envato Market Security Notice: Visual Composer

davidbowen2014 · October 2015

"We are getting in touch to let you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin (http://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431) versions prior to 4.7.4 (releases prior to October 2, 2015). "

Will you be updating BeTheme to include the new build of VC?

Albert · October 2015

VC has been updated on Monday what means recent version is included into theme package.

davidbowen2014 · October 2015

Does updating the theme also update VC?

Albert · October 2015

No, unfortunately not. All plugins must be updated themselves. All details about VC update you can read on http://forum.muffingroup.com/betheme/discussion/1155/wp-bakery-visual-composer-with-be-theme-how-to-update-visual-composer-plugin

Thanks!

8web · October 2015

Hi - question about the Visual Composer plugin vulnerability. IF I HAVE NOT INSTALLED the plugin from the pre-packaged plugins - am I still vulnerable / have to update? (BE Theme)

Albert · October 2015

It just depends what version you got. If you got the latest one, then all is fine and you don't need to update anything.

8web · October 2015

Hi. That does not quite answer my question. I am confused about what a "pre-packaged" plugin means? IF I have not installed the plugin - but the zip file is of course sitting within the files. Is the site vulnerable in that case? Many thanks.

Albert · October 2015

No, it is not vulnerable. Plugins must be updated if you got them installed. But if you did not installed them, you don't need to update plugins. Pre-packaged means thatplugins are bundled into theme package and you can find them under betheme.zip/plugins folder.

Envato Market Security Notice: Visual Composer

Comments