Yesterday evening, I learned that Thesis has a security vulnerability on search results pages that could give an attacker an entry point into your WordPress installation. Fortunately, the fix is extremely simple, and it is available now on the Thesis downloads page.
For the record, all future Thesis theme downloads will include this fix, so if you download the full package after the time this article was posted, you will not need to apply the fix yourself.
All versions of Thesis are affected by this security vulnerability.
I haven’t downloaded it yet so it’s less hassle for me. But hope there aren’t any more vulnerabilities in the theme like the one you just discovered.
Thesis is a great theme without a doubt, and that's why I purchased it. However, it has to be secure as well.
What versions are affected?
It’s critical when announcing a vulnerability to say what versions are affected. Thanks.
George — If you click through to the link specified in the post, you’ll be greeted with a huge alert box that says all versions are affected.
Thanks for the update – quick and painless. (In the process of converting our site now.)
Fantastic to see this done “before” waiting for another point release. Very commendable Chris!
Thanks!
Thanks Chris. All is well.
Chris, thanks for notifying us. It's always more comforting to run things which have at least one reported vulnerability in them. That way you know at least someone is looking. We constantly get updates to WordPress itself; when it comes to themes, I would guess that there are thousands of examples just like this one.
I also noticed that my Neoclassic site has the same vulnerability and it’s also on a test site I have with the CopyBlogger theme. What can I say, I like your themes.
Hi Chris,
I was looking for a contact page to tell you that I am eager to buy the theme, but as I’m from Egypt, I can’t use paypal. Can you please get in touch with me at the mentioned email address to find an alternative payment method?
Thanks a lot.
Thanks for the post. I bought the thesis theme, and I’d really prefer that you send these updates to us via e-mail if at all possible.
Patrick — You can institute the same fix on both the Copyblogger and Neoclassical themes in order to “patch” the security vulnerability.
JPA — We’ve been in touch via email, so I assume you’re ok on this.
Jacob — I agree, and generally, I’ll be sure to email everyone about upgrades, etc.
I’ve customized my Thesis Theme beyond being able to update at this point. Sorry, but it was necessary. Anyway, just curious if you could share a little about the vulnerability so I can attempt to fix it myself. THANKS!
Hi Chris,
I'm sorry I'm asking here, but there is no other way to contact you. I'm thinking about buying your theme, but I would like to know first: do you provide .pot, .mo or .po files to localize the theme? This is very important to me.
Thanks!