I hate my first post on these forums to be a negative one but I feel it has to be said.
I’ve bought many things from Envato and the past few have been the worst ever. From a security point anyway.
Envato claims all items are quality checked. But how can this be when the last script I bought had so many exploits and the author didn’t care? I’ve been waiting 2 months now for a response from Envato support and I’ve given up.
I proved the script I bought contained multiple exploits yet the author doesn’t care. He seemed to think that an htaccess file was the fix when the exploit was from bad PHP coding. Along with that it had XSS exploits all over. They also had left code from when the author was coding, still also exposing server information along with more exploits.
What makes me upset is I asked support for a refund within the 30 day EU refund law. I got promised the issue was being worked on. This was in April and June is here yet I’ve had no reply to my email and the script is still insecure with no updates or refund.
Only $26 lost but still.
I then decided to buy another script and thankfully I knew someone else with it and they let me check their copy beforehand on their server. I’m glad I never bought it now. A $39 script using insecure MD5 password hashing. MD5 has been cracked for almost 4 years. It’s beyond insecure and you can crack a password using MD5 in under 1 second since 2013. I emailed this seller directly asking for an update/fix yet this seller ignored me and never replied. They still expect $39 for an insecure script.
If items are quality checked then how can scripts so insecure be allowed on the market? Using MD5 hashing is almost as silly as leaving your admin panel without a password. You might as well just leave your password in plaintext it’s that bad.
I wouldn’t even pay $10 for a script using MD5 let alone the price some authors expect here. Something with a user function/system needs to use something like SHA512 with SALT if not something stronger.
Envato needs to review scripts better and understand that security is important in this day and age and also to pay better attention to clients like me as we’re the ones who keep the site alive. If everybody knew the risks faced by the insecure scripts sold here or the failed support I doubt anybody would come back.
I’m asking Envato to take the right actions.
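
Added example, not part of the original post and not code from any of the scripts discussed: a PHP login check that accepts a legacy unsalted MD5 hash once and replaces it with a salted, deliberately slow hash via `password_hash()`. The function names and the sample users are hypothetical.

```php
<?php
// Constructed sample data only; nothing here comes from an Envato item.

// Legacy check as described in the post: unsalted MD5 of the password.
function legacy_md5_matches(string $password, string $storedHex): bool {
    return hash_equals($storedHex, md5($password));
}

// Verify a login. If the stored value is a legacy MD5 hex digest, or a
// modern hash with outdated parameters, also return a replacement hash
// for the caller to store. Returns [ok, newHashOrNull].
function verify_and_upgrade(string $password, string $stored): array {
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    if ($isLegacy) {
        if (!legacy_md5_matches($password, $stored)) {
            return [false, null];
        }
        // Correct password: replace the MD5 value immediately.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Two constructed users who happen to share one password.
$pw = 'correct horse battery staple';
$users = ['alice' => md5($pw), 'bob' => md5($pw)];

// Unsalted MD5: equal passwords produce equal stored values.
var_dump($users['alice'] === $users['bob']);

foreach ($users as $name => $stored) {
    [$ok, $new] = verify_and_upgrade($pw, $stored);
    if ($ok && $new !== null) {
        $users[$name] = $new; // persist the upgraded hash
    }
}

// After the upgrade each record carries its own random salt.
var_dump($users['alice'] === $users['bob']);
var_dump(verify_and_upgrade($pw, $users['alice'])[0]);
var_dump(verify_and_upgrade('wrong', $users['bob'])[0]);
```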