Security issues

open (4 posts) (3 voices)

  1. vcondrad
    Member

    I just got an email from my hosting company saying that my WordPress site got hacked through Dejavu. They said that the wp-content/themes/dejavu/lib/functions/core.php file had been infected by malware. So I guess this is a security issue with the current version of Dejavu. Is there any chance you guys can fix it and make a new update?

    The hosting company says that the issue is with the "flexslider", a version of "revslider". Can you guys fix it?

    Posted 10 months ago #
  2. OnePressTech
    Member

    I'm sorry to hear that your site got hacked. That's a real pain!

    FYI - No MSMW staff have been able to be contacted in the past 8 months. I'm just another MSMW client that helps out other community members where I can.

    Regarding your site being hacked through "flexslider", I would be cautious to leap to that conclusion. If you are on shared hosting, they may have hacked the server through another user's site. Your site could have been hacked through an admin brute force attack if you have not protected your admin login and renamed the admin account. If you have your theme set to use TimThumb for your images rather than the WordPress default, you would have a vulnerability that could be exploited.

    I'm not sure what, if any, relationship Flexslider may have to RevSlider, but the MSMW FlexSlider is a WooThemes component (see https://github.com/woothemes/FlexSlider ). The MSMW Themes are on v2.0 and Flexslider is up to 2.6.1 so they are the same generation. Looking through the issues on GitHub and searching Google I have not found anyone who has identified that FlexSlider has a vulnerability.

    Thank you though for alerting the MSMW community to the possibility. I will certainly look into it further on behalf of my sites and my clients' sites. I will post back if I find there is a security hole and provide a security patch if one is required.

    Could you attach a copy of the corrupted file to this post so I can take a look at it? Cheers. To be safe, rename the file to have a .txt suffix rather than a .php or .js suffix.

    Posted 10 months ago #
  3. OnePressTech
    Member

    Cheers for spotting that @dbvdb.

    MSMW vulnerabilities occurred in 2014 and were corrected.

    See https://wpvulndb.com/ . The MSMW themes are not listed more recently than 2014.

    Keep in mind that being a popular attack target and being vulnerable are two different things. I am not aware of any current uncorrected vulnerabilities in the MSMW themes or BackStop versions of the MSMW themes. I review this on an ongoing basis as the BackStop Themes custodian and will correct in BackStop Themes any that I find or are reported.

    Cheers,
    Tim

    Posted 3 weeks ago #
