ZoomIt, this seems to be a common issue for some items, though on the positive side Envato is quite fast on resolving it… our item is back online now
Vivaco said:
Well that’s ridiculous, guys we have updated the prettyphoto bug 2 weeks ago, added “PrettyPhoto XSS fix” string in review comment section and then bam! Today we got our WP theme http://themeforest.net/item/startuply-multipurpose-startup-theme/9055667 disabled and customers are writing to my email in rage. Sales are slow this time of year for most of us and now this… how could it happen?
Hey Vivaco,
Sorry for that! I see we’ve now re-enabled it. Please accept our apologies.
Cheers,
Stephen
SeaWebster said:
Hi Stephen,
Our plugin uses the updated version of prettyPhoto (3.1.6). We’ve released the update on June 29, 2015. Please check it out: http://codecanyon.net/item/hover-effects-builder-wordpress-plugin/10932318
Thanks in advance.
Hi SeaWebster,
Sorry - we’ve re-enabled this now. Apologies for the inconvenience and thanks for your patience.
Cheers,
Stephen
ZoomIt said:
Come on Envato,
You disabled half of my portfolio, most of which doesn’t even use prettyPhoto.
It was just a mention
if($.fn.prettyPhoto){ ... }
For example - Layouter, Parallaxer, etc
And I even sent updates with mention XSS Fix
Hi Zoomit,
Please accept my apologies for that! I see that these are now re-enabled, but sorry for the inconvenience.
Cheers,
Stephen
ZoomIt said:
Would have been nice a quick manual check before disabling, especially because I already sent update with prettyPhoto XSS fix
Hi ZoomIt,
Our original plan was to do a manual check of each item before disabling, which would obviously be ideal.
However, we are dealing with such a large number of items that we estimated that it would take up to a week to disable them all! During that time we’d have no capacity to review new items or updates for other reasons and we’d only have limited capacity to review updates for prettyPhoto.
In the end, we decided that disabling items via a script would be the better way to go (though certainly not ideal).
We have been talking about how we can make this better in future. I’d like to see the ability for authors to be able to look up their items and see whether they have been marked as updated. That would help us pick up cases where we missed it and would also give authors peace of mind. So creating that is now on our list of things to do.
Cheers,
Stephen
Our theme uses the updated version of prettyPhoto (3.1.6). We’ve released the update on June 29, 2015. Please check it out: http://themeforest.net/item/jarvis-onepage-parallax-drupal-theme/7837131
Thanks in advance.
NooTheme
NooTheme said:
Our theme uses the updated version of prettyPhoto (3.1.6). We’ve released the update on June 29, 2015. Please check it out: http://themeforest.net/item/jarvis-onepage-parallax-drupal-theme/7837131
Thanks in advance.
NooTheme
You have two jquery.prettyPhoto.js
one in [For Exist Drupal Installation] /themes/jarvis/js/jquery.prettyPhoto.js
and the other one in [For Fresh New Drupal] /files/sites/all/themes/jarvis/js/jquery.prettyPhoto.js
and both prettyPhoto scripts are v3.1.5.
Hi,
We updated Master Slider jQuery four days ago and it has the latest version of prettyPhoto (3.1.6). Please check it out: http://codecanyon.net/item/master-slider-responsive-touch-swipe-slider/6337671
averta said:
Hi,
We updated Master Slider jQuery four days ago and it has the latest version of prettyPhoto (3.1.6). Please check it out: http://codecanyon.net/item/master-slider-responsive-touch-swipe-slider/6337671
Hi Averta,
Thanks for letting me know. We have re-enabled Master Slider now. Sorry for the inconvenience.
Lotus is still using version 3.1.5 of prettyPhoto - could you please update that one so we can re-enable that too?
Thanks.
Stephen
StephenCronin said:
Hi Averta,
Thanks for letting me know. We have re-enabled Master Slider now. Sorry for the inconvenience.
Lotus is still using version 3.1.5 of prettyPhoto - could you please update that one so we can re-enable that too?
Thanks.
Stephen
Hi Stephen,
Thanks for the prompt reply.
Yes, we will submit new version as soon as possible.
Averta
Hi,
PrettyPhoto was included in my admin side theme. But it was not used on any of my script. My whole portfolio is now soft disabled. I have already changed and submitted all the files for review 18 hours ago. Still my items have not been approved. Can you tell us how long it will take to approve the items? I have 1300+ sales. My buyers are panicking and sending constant emails to us, because they are thinking we have shut down the product.
An answer would be helpful.
Thanks
Dear Stephen
Please check our portfolio.
All items were approved after the prettyPhoto problem, but now other people cannot see our theme.
http://themeforest.net/user/Opal_WP/portfolio
Only my account sees it.
Please check for us. Thanks and have a nice day!
StephenCronin said:
Vivaco said:
Well that’s ridiculous, guys we have updated the prettyphoto bug 2 weeks ago, added “PrettyPhoto XSS fix” string in review comment section and then bam! Today we got our WP theme http://themeforest.net/item/startuply-multipurpose-startup-theme/9055667 disabled and customers are writing to my email in rage. Sales are slow this time of year for most of us and now this… how could it happen?
Hey Vivaco,
Sorry for that! I see we’ve now re-enabled it. Please accept our apologies.
Cheers,
Stephen
well ok, it happens… thanks for the fast resolution
My plugins have been disabled for almost a day due to prettyphoto vulnerability. I have submitted the files again for review however it’s taking a lot more time than usual, almost 23 hours now. Can you please take a look since our plugin does NOT include prettyphoto files nor use them. We just check for the existence of $.fn.prettyPhoto so that we can add CSS classes for prettyPhoto effect.
By the way, we did re-submit the plugins after the vulnerabilities were found but did not upload any new package files, since we had no files to change in the current package.
dbcinfotech said:
Hi,
PrettyPhoto was included in my admin side theme. But it was not used on any of my script. My whole portfolio is now soft disabled. I have already changed and submitted all the files for review 18 hours ago. Still my items have not been approved. Can you tell us how long it will take to approve the items? I have 1300+ sales. My buyers are panicking and sending constant emails to us, because they are thinking we have shut down the product.
An answer would be helpful.
Thanks
Hi dbcinfotech,
Thanks - we’ve seen your items in the queue and will get to them soon (they do need a reviewer to check them). We’re focusing on the prettyPhoto items, but we’re starting to get quite a few of them! Hopefully it won’t take too long.
Cheers,
Stephen
Opal_WP said:
Dear Stephen
Please check our portfolio.
All items were approved after the prettyPhoto problem, but now other people cannot see our theme.
http://themeforest.net/user/Opal_WP/portfolio
Only my account sees it.
Please check for us. Thanks and have a nice day!
Hi Opal_WP,
I can confirm that all your items are enabled, but there is some issue with the site which is preventing them being displayed properly. The individual pages are live, but are giving errors every 4 or 5 page views and they are not listed under your portfolio.
I have asked the tech support team to investigate this. Hopefully they will be able to resolve this soon.
Cheers,
Stephen
Is any reviewer online to enable our updated items, cause they are 8 hours in queue,
Nunforest said:
Is any reviewer online to enable our updated items, cause they are 8 hours in queue,
Yep, we’re here.
Ivor said:
Nunforest said:
Is any reviewer online to enable our updated items, cause they are 8 hours in queue,
Yep, we’re here.
Thanks Ivor, can you enable some of our disabled items, we updated prettyphoto.
StephenCronin said:
Artureanec said:
Hi! How does it apply to PSD templates?
I got an email from Envato:
Unfortunately your item LF - One Page Multi Purpose PSD Theme has been disabled from ThemeForest. Here’s some feedback from our Review team on why it was disabled.
Item soft-disabled because it uses an insecure version of the prettyPhoto jQuery library as outlined here: http://themeforest.net/forums/thread/security-vulnerability-affecting-prettyphoto-jquery-script/181180
Please make the required changes to your item and resubmit for re-review at http://themeforest.net/item/lf-one-page-multi-purpose-psd-theme/edit/5873014
Maybe I do not understand? Explain, please!
Thanks!
Hi Artureanec,
I checked for you and found prettyPhoto is inside this file:
HTML\js\jquery-packed_plugins.js
It’s version 3.1.5 - can you please update this to 3.1.6 and resubmit? Thanks.
Cheers,
Stephen
Stephen but it’s psd theme
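
Three cases come up repeatedly in the posts above: items that only test for $.fn.prettyPhoto without shipping the library, a package with a second copy still at 3.1.5, and a copy inside a combined plugins file. The sketch below is an added example, not part of the thread and not Envato's script; it separates those cases on a constructed in-memory package. The function names, sample paths and file contents are hypothetical, and the version-declaration pattern it matches is an assumption about how the library states its version.

```javascript
const FIXED_VERSION = "3.1.6"; // the version the thread treats as fixed
// Assumption: a bundled copy declares its version as `$.prettyPhoto = {version: 'x.y.z'}`.
const VERSION_DECL = /\.prettyPhoto\s*=\s*\{\s*version\s*:\s*['"](\d+(?:\.\d+)*)['"]/g;
// A plugin definition with no readable version still means the library is bundled.
const PLUGIN_DEF = /\.fn\.prettyPhoto\s*=\s*function/;

function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

function classifyFile(source) {
  const versions = [...source.matchAll(VERSION_DECL)].map((m) => m[1]);
  if (versions.length > 0) {
    // A concatenated bundle can hold several copies; judge the file by the oldest one.
    const oldest = versions.reduce((a, b) => (compareVersions(a, b) <= 0 ? a : b));
    const status = compareVersions(oldest, FIXED_VERSION) < 0 ? "outdated" : "current";
    return { status, version: oldest };
  }
  if (PLUGIN_DEF.test(source)) return { status: "bundled-unknown-version", version: null };
  if (/prettyPhoto/i.test(source)) return { status: "reference-only", version: null };
  return { status: "absent", version: null };
}

// files: { path: source }. Every copy is reported, so a second stale copy is not missed.
function auditPackage(files) {
  const report = {};
  for (const [path, source] of Object.entries(files)) {
    const result = classifyFile(source);
    if (result.status !== "absent") report[path] = result;
  }
  return report;
}
const needsUpdate = (report) =>
  Object.entries(report).filter(([, r]) => r.status === "outdated").map(([p]) => p);
// Constructed sample package (hypothetical paths and contents).
const lib = (v) => `(function($){$.prettyPhoto={version:'${v}'};$.fn.prettyPhoto=function(o){};})(jQuery);`;
const samplePackage = {
  "existing-install/js/jquery.prettyPhoto.js": lib("3.1.5"),
  "fresh-install/js/jquery.prettyPhoto.js": lib("3.1.5"),
  "html/js/packed_plugins.js": "/* other plugins */" + lib("3.1.5"),
  "js/layouter.js": "if($.fn.prettyPhoto){ $('a.zoom').addClass('pp'); }",
  "js/vendor/jquery.prettyPhoto.js": lib("3.1.6"),
};
console.log(needsUpdate(auditPackage(samplePackage)));
```

Only files classified as "outdated" are listed for update; a "reference-only" file is reported but does not count against the item. A bundle obfuscated with an eval-style packer would not match these patterns and still needs a manual look.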