Hi,
I’ve received an email from envato that the pinpoint theme is affected by the Visual Composer plugin and that it should be updated immediately.
However I can’t find that plugin inside the wp content?
Are they mistaken?
Here is the email:
We are getting in touch to let you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015). This plugin was included in items you’ve purchased (listed below)……….
and:
Affected Items
Your items that include Visual Composer:
Pinpoint – Responsive Multi-Purpose WP Theme
What You Should Do
In order to secure your item from these vulnerabilities we strongly encourage you to update to version 4.7.4 or later as soon as possible.
…..
Locate and unzip the downloaded plugin file.
Connect to your server using an FTP client and upload the js_composer directory (from the downloaded zip file) to the wp-content/plugins/ directory. (Note: This will overwrite the old Visual Composer files with the secure versions.)
Log into WordPress and navigate to the Plugins page to confirm the Visual Composer plugin is version 4.7.4
….
etc. etc.
Hope to hear from you,
thanks
.