This article is deprecated! Any technical information contained herein likely refers to software versions that are now obsolete. Please visit our blog home page for current updates.
Update: This security fix has been resolved on September 11th, 2008. If you downloaded and installed Thesis after that date, you’re good to go.
Yesterday evening, I learned that Thesis had a security vulnerability on search results pages that could potentially give would-be hackers an entry point into your WordPress installation. Fortunately, the fix is extremely simple, and it’s available now.
For the record, all future Thesis theme downloads will include this vulnerability fix, so if you download the entire package after the time this article was posted, you won’t have to worry about instituting the fix yourself.
All versions of Thesis are affected by this security vulnerability.