Many scripts are sold on the market with serious security issues. But why?

I created a ticket for Envato’s team to inform them about the scripts they sell with serious security issues (I never got an answer). After a few days, one of the scripts I mentioned appeared as a featured item, handpicked by the team, on Codecanyon’s homepage.

These scripts receive 5-star ratings, so customers have no idea what they are purchasing.

What I noticed after years is that scripts on Codecanyon improved their designs, but what about the code?

When I said “serious security issues”, I meant upload forms without any kind of security measures, so you can upload any type of script freely, SQL injection …

This is just an idea: maybe reviewers should test scripts a little more.

IDK, just saying …

Showoff. If you have found serious security holes in a plugin you purchased, why are you contacting Envato about it?

Open a support ticket with the author of the script and let them know. Ask them to fix it. That’s the only way to resolve such issues.

How many people know how vulnerable their website is?

There is nothing to talk about with the author; there are not one or two vulnerabilities. The entire script is a whole vulnerability.

Again, this kind of script should not be approved in the first place.

Anyway, I opened a ticket but never got an answer.