And, sadly said, not everyone is a professional developer, and some will need time to understand how to protect their scripts from SQLi, XSS, CSRF, …
We appreciate that you’ve found some vulnerabilities, but nowadays people are finding them in WordPress, Joomla… and even Chrome or Facebook too.
So, the best thing would be to notify the authors about the vulnerabilities you found, tell them where they are and how they could work around them.
What about holding courses about security improvements in PHP exclusively for Envato authors? I’m pretty sure a lot of guys would join such a course and learn a lot about object-oriented development using PDO (prepared statements), how to set and generate CSRF tokens and validate them on each request, how to escape output going to the frontend, how to prevent file upload abuse by setting size limits, allowed extensions and a maximum allowed file count, and a lot more…
Our authors would be thankful to learn something that’s really important nowadays. Attacking them over how it’s possible to have security vulnerabilities - because you know how to write safe code - is the wrong way, in my opinion. Just help each other and you’ll earn a lot back.
Damn. Somehow I hadn’t noticed that the thread is already 7 months old. Sorry.
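The four items the post above lists as course material, as an added example that is not from the original post or from Envato: the string-concatenated SQL query beside its PDO prepared-statement form, a CSRF token generated with random_bytes and checked with hash_equals, output escaping with htmlspecialchars, and upload validation that enforces file count, size, an extension allow-list and the sniffed MIME type. It uses an in-memory SQLite database and constructed inputs (a fake session array, a fake $_FILES-shaped array backed by temporary files) so it runs offline from the CLI; the function names findUserUnsafe, findUserSafe, csrfToken, csrfValid, e and validateUploads and the limits are my own choices, not any project’s API.

```php
<?php
declare(strict_types=1);

// --- 1. SQLi: vulnerable string concatenation vs. a PDO prepared statement ---
// In-memory SQLite so the example needs no server (constructed sample data).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,  // real prepares where the driver supports them
]);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$pdo->exec("INSERT INTO users (name, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Vulnerable: the value is spliced into the SQL text, so a quote ends the literal
// and the rest of the input becomes part of the WHERE clause.
function findUserUnsafe(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value is sent as a bound parameter; it can never alter the query structure.
function findUserSafe(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// --- 2. CSRF: one random token per session, embedded in every form, checked on every POST ---
// $session stands in for $_SESSION here (hypothetical, so the example runs without a web server).
function csrfToken(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));  // 256 bits from the CSPRNG
    }
    return $session['csrf_token'];
}

function csrfValid(array $session, ?string $submitted): bool {
    // hash_equals compares in constant time, so the token cannot be recovered byte by byte via timing.
    return is_string($submitted)
        && isset($session['csrf_token'])
        && hash_equals($session['csrf_token'], $submitted);
}

// --- 3. XSS: escape at the point of output, with quotes covered and the charset stated ---
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// --- 4. Uploads: enforce count, size, extension allow-list and the real content type ---
const UPLOAD_MAX_FILES = 3;                  // hypothetical limits for the example
const UPLOAD_MAX_BYTES = 2 * 1024 * 1024;
const UPLOAD_ALLOWED   = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'pdf' => 'application/pdf'];

// $files has the shape of $_FILES['attachments'] for a multi-file input; returns a list of rejection reasons.
function validateUploads(array $files): array {
    $errors = [];
    $count  = count($files['name']);
    if ($count > UPLOAD_MAX_FILES) {
        return ["too many files ($count > " . UPLOAD_MAX_FILES . ')'];
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    for ($i = 0; $i < $count; $i++) {
        $name = $files['name'][$i];
        if ($files['error'][$i] !== UPLOAD_ERR_OK) { $errors[] = "$name: upload error {$files['error'][$i]}"; continue; }
        if ($files['size'][$i] > UPLOAD_MAX_BYTES) { $errors[] = "$name: exceeds size limit"; continue; }
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!isset(UPLOAD_ALLOWED[$ext]))          { $errors[] = "$name: extension .$ext not allowed"; continue; }
        // Never trust $files['type']: it is sent by the client. Sniff the bytes that actually arrived.
        $mime = $finfo->file($files['tmp_name'][$i]);
        if ($mime !== UPLOAD_ALLOWED[$ext])        { $errors[] = "$name: content is $mime, not " . UPLOAD_ALLOWED[$ext]; }
    }
    // In a real handler, also require is_uploaded_file() and store via move_uploaded_file()
    // under a server-generated name outside the web root.
    return $errors;
}

// --- Demo with constructed inputs (in a real request these come from $_SESSION, $_POST and $_FILES) ---
$maliciousName = "x' OR '1'='1";                 // constructed attacker input
var_dump(findUserUnsafe($pdo, $maliciousName));  // the quote breaks out and the OR matches every row
var_dump(findUserSafe($pdo, $maliciousName));    // looks for a user literally named "x' OR '1'='1"

$session = [];
$token = csrfToken($session);
var_dump(csrfValid($session, $token), csrfValid($session, 'forged-token'));

echo e('<img src=x onerror="alert(1)">'), PHP_EOL;

// Two temp files: a PNG signature, and PHP source disguised with a .png name.
$png = tempnam(sys_get_temp_dir(), 'up'); file_put_contents($png, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 64));
$php = tempnam(sys_get_temp_dir(), 'up'); file_put_contents($php, "<?php system(\$_GET['c']);");
print_r(validateUploads([
    'name'     => ['photo.png', 'shell.png'],
    'tmp_name' => [$png, $php],
    'size'     => [filesize($png), filesize($php)],
    'error'    => [UPLOAD_ERR_OK, UPLOAD_ERR_OK],
]));
unlink($png); unlink($php);
```

The extension check alone would have accepted shell.png; the finfo sniff is what rejects it, which is why the two checks belong together rather than either on its own. Escaping is done in e() at output time, not on input, so the same stored value can still be safely placed in a JSON or SQL context with that context’s own encoding.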