Themerex sold a theme and some addon has a critical vulnerability. I contacted the theme support but they let some bot talk to me. The themerex theme has a critical vulnerabity open and the update routine does not patch the Themerex Addon. I needed to take my website offline. Thats really a destaster. Themerex is a desaster.
If you are referring to the apparent Wordfence plugin or another issue with a wordpress file, then you need to contact the author. There is a page here:
But if you have not paid for support, or are using an older version of a theme you purchased, then you need to pay for that extra support if you value your website operating correctly.
@ThemeREX are one of the most respected authors on Envato - I am certain if there was an issue esp a security risk in their plugins or themes then they would fix those swiftly.
What in the vulnerability exactly?
When did you contact them?
What did the “bot” say?
Did you enable AI assistance when submitting the ticket on their website? That might be why you received an automated response.
Try creating a new support ticket and make sure to deselect ‘AI Assistance,’ or check if your submitted ticket has an option to switch to a live operator.
Each author invests significant time, effort, and resources into their development. If you discover a security vulnerability, it’s important to contact the author directly rather than posting it in public forums. A genuine vulnerability could be exploited by spammers, potentially affecting other websites using the same theme or add-on. On the other hand, if it’s a false positive with no actual security issue, it could harm the author’s reputation. It’s always more effective to reach out to the author first. If they don’t respond, then contacting Envato support is a better alternative than making a public post