Security Vulnerability Affecting prettyPhoto jQuery Script

Hello Stephen

All our themes are already updated, please can you check?
I forgot to add the phrase “prettyPhoto XSS fix” in the notes, sorry.

Thanks

lidplussdesign said

Hello StephenCronin,

Can you please also check our 6 themes http://lpd-themes.d.pr/1fTEe , are they all marked as safe?

Much appreciated.

Hi Lidplussdesign,

Yep, all 6 of your themes on the list are marked as updated.

Cheers,
Stephen

LSVRthemes said

Hi Stephen. Can you please check out my themes too? I've updated two of them which were on the list last week, so I hope they are ok now. Thanks.

Lubos

Hi LSVRthemes,

All 3 of your items on the list are marked as being updated.

Cheers,
Stephen

Themewaves said

Hello,

Check my items too. We updated them last week.

Thanks.

Hi Themewaves,

All 11 of your themes on the list are marked as updated.

Cheers,
Stephen

Hi Stephen,

Can you check our items? And list of these items? Thanks :wink:

fruitfulcode said

Hello Stephen

All our themes are already updated, please can you check?
I forgot to add the phrase “prettyPhoto XSS fix” in the notes, sorry.

Thanks

Hey Fruitfulcode,

All 4 items are marked as having been updated. Thanks.

Cheers,
Stephen

ZERGE said

Hi Stephen,

Can you check our items? And list of these items? Thanks :wink:

Hi ZERGE,

Most of your items are updated, but there are 4 that have not been. Easiest to show in a screenshot: http://envato.d.pr/oWNt/i950BdAd

Hope that helps.

Cheers,
Stephen

Sorry to weigh in, but is there a chance you could check my stuff too StephenCronin?

I'm sure I've nailed all the updates, but best to be sure :smiley:

DistinctiveThemes said

Sorry to weigh in, but is there a chance you could check my stuff too StephenCronin?

I'm sure I've nailed all the updates, but best to be sure :smiley:

Hey DistinctiveThemes,

No worries and glad you asked, because we have you down as updating only 3 out of 5 (so 2 not yet updated). Screenshot of list: http://envato.d.pr/10bwX/462d5uXb

Can you please update them soon? Thanks.

Cheers,
Stephen

Hi Stephen

We’re also into updating our themes, so please don’t disable them yet :slight_smile:

Hopefully by tomorrow all of them will be updated, we’ve already put one of our themes in the queue.

About the issue, we do use Visual Composer, but we dequeue all of its default plugins, so prettyPhoto never loads for our themes. But we’ll do the updates anyway.

Thanks, Ruben.

Hey Stephen,

We have updated one of our products, Doe HTML template, which was using prettyPhoto.

KrownThemes said

Hi Stephen

We’re also into updating our themes, so please don’t disable them yet :slight_smile:

Hopefully by tomorrow all of them will be updated, we’ve already put one of our themes in the queue.

About the issue, we do use Visual Composer, but we dequeue all of its default plugins, so prettyPhoto never loads for our themes. But we’ll do the updates anyway.

Thanks, Ruben.

Hi Ruben,

Thanks for updating them.

We’re moving into the ‘disabling’ phase tomorrow (about 12 hours from now!), but we’ll have some updates to clear first and we’ll be starting with the items that are already soft-disabled (hard-disabling them with a note), so there is a little breathing room (but not much!).

It’s worth noting that we will be checking whether items are in the queue before disabling them, so if you can get them into the queue (with “prettyPhoto XSS fix” in the notes to the reviewer), you should be alright.

Cheers,
Stephen

crelegant said

Hey Stephen,

We have updated one of our products, Doe HTML template, which was using prettyPhoto.

Hi crelegant,

Thanks - I can confirm it’s marked as updated.

Cheers,
Stephen

Hey Stephen,

Can you please confirm that two of my products which I have updated in the last few days are now off your list of “offending” themes?

Thank you!

OnionEye

onioneye said

Hey Stephen,

Can you please confirm that two of my products which I have updated in the last few days are now off your list of “offending” themes?

Thank you!

OnionEye

Hey Onioneye,

Both are marked as updated.

Cheers,
Stephen

StephenCronin said
crelegant said

Hey Stephen,

We have updated one of our products, Doe HTML template, which was using prettyPhoto.

Hi crelegant,

Thanks - I can confirm it’s marked as updated.

Cheers,
Stephen

Yes, it is. :slight_smile:

Thanks Stephen.

@StephenCronin we have updated all our items. Can you please confirm that all are marked as updated? :slight_smile:

wow_themes said

@StephenCronin we have updated all our items. Can you please confirm that all are marked as updated? :slight_smile:

Hi Wow-themes,

You still have 2 items that we haven’t received an update for:

  • Sansa – Creative OnePage Responsive HTML5 Template (last update submitted September 10, 2014)
  • Wallpaper – Multi-Purpose Wordpress Theme (last update submitted April 28, 2015)

Here’s the full list of your items: http://envato.d.pr/16BvY/1wCkMX2y

Can you please check those 2 items ASAP and update or resubmit as soon as possible? Thanks.

Cheers,
Stephen

StephenCronin said
onioneye said

Hey Stephen,

Can you please confirm that two of my products which I have updated in the last few days are now off your list of “offending” themes?

Thank you!

OnionEye

Hey Onioneye,

Both are marked as updated.

Cheers,
Stephen

Thanks, Stephen!

We’ve also updated two other items - only one remaining :slight_smile: