Here is my latest vulnerability test report: http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-four-premium.html
Based on the purchase statistics, over 6,000 sites could be affected
contact the authors from their profile pages
I have tried that + email, but there has been no responses. I would not like to publish any issues before fixes are available.
And now it seems my post was marked as inappropriate. What next – ban?
I have tried that + email, but there has been no responses. I would not like to publish any issues before fixes are available. And now it seems my post was marked as inappropriate. What next – ban?
probably because you don’t have any “purchase” badge, so you are officially admitting the use of illegal products of themeforest… unless you need to log with another account, that you probably used to purchase the file.
I have checked the TOS . I have been testing “live preview” versions and confirming the findings by testing few customer sites – which I’m not disclosing.
I do security testing on behalf of developers and their customers. I don’t have any business interests. If this is considered as “illegal” or hostile in this forum, I don’t have much reasons to hang around and contact developers. But I will keep testing.
Hey jannefi, thanks for reporting these issues. Unfortunately our forum rules doesn’t allow calling out specific items or authors on the marketplaces.
I’d be more than interested to check those themes but you need to contact Envato Support, we’ll check those items and take actions if necessary.
Thanks for understanding. Locking this one for the aforementioned reasons.