XSS attacks question re recent update (TGM Class)

Viewing 7 posts - 1 through 7 (of 7 total)
  • Posted in: Dante
  • #169368
    anton123
    Member
    Post count: 67

    Hi There, re the recent update

    How serious is this bug? Here is the Enfold theme’s reply on the issue:

    “This is not really a problem for our themes. We only ship the TGM Plugin activation class with our framework which has been identified as not 100% secure and that will update the framework for all themes with the new class asap. To exploit the class you would need admin access anyways so the chance that something bad happens is really slim”

    So it doesn’t sound that serious and chances are slim of something happening?

    If I can not update now it will be better since there are many customisations (and lots of work to do….)

    Please advise, thanks

    #169377
    Mohammad – SUPPORT
    Moderator
    Post count: 27441

    Hi,
    Thanks for this information. I will inform the developer about it.
    Thanks
    Mohammad

    #169463
    Swift Ideas – Ed
    Keymaster
    Post count: 15264

    Hi anton123,

    We take security seriously here, which was why we shipped out updates last week as soon as we were informed about this.

    The update for Dante that was made available last week included these security fixes.

    – Ed

    #169470
    anton123
    Member
    Post count: 67

    Thanks Ed, that’s great

    My Q is whether this is really so serious?

    Enfold: “To exploit the class you would need admin access anyways so the chance that something bad happens is really slim”

    Can I get away with not updating now? (since there are many customisations (and lots of work to do….))

    Thanks

    #169476
    Swift Ideas – Ed
    Keymaster
    Post count: 15264

    I’d say you should take any security issue seriously – no matter how likely it is to affect you, better to be safe than sorry!

    You can download the latest version, then just replace the class-tgm file in /includes, if you want to wait to update fully.

    – Ed

    #169479
    anton123
    Member
    Post count: 67

    Great thanks – will that be the same for most other themes as well?

    If I can just replace one file rather than spending hours redo-ing customizations that’s a bonus!

    #169481
    Swift Ideas – Ed
    Keymaster
    Post count: 15264

    I can’t say for other themes, but that is all that’s needed in Dante.

    – Ed
