4 posts
  • Has collected 50+ items on Envato Market
  • Located in United States
  • Has been part of the Envato Community for over 2 years
  • Sells items exclusively on Envato Market
Brashell61 says

Recently I found a security vulnerability in an item on code canyon that allowed for anyone with knowledge of the website file path, (or use traversals without a WAF or IDS active) to view any php file, i.e. the database connection information. I am frustrated because the author never replied and Envato is taking a long time to reply. Any suggestions on what to do other then just sit and wait? A simple google dork gave me a slew of sites that were vulnerable and the file has over 750 purchases. I saw the helpful hacker program but it doesn’t seem like its meant for marketplace items. Thanks.

2400 posts aspire to create - create to inspire
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $125,000+ on Envato Market
  • Made it to the Authors' Hall of Fame
  • Had an item featured on Envato Market
+9 more
Creattive says

Best is to open a support ticket.

If you have already done that, you can contact envato with your ticket id via twitter @envato_support to speed up the process.

Also, you can post your ticket ID in this thread.

4 posts
  • Has collected 50+ items on Envato Market
  • Located in United States
  • Has been part of the Envato Community for over 2 years
  • Sells items exclusively on Envato Market
Brashell61 says

21516 Is the Ticket ID

2660 posts Community Team
  • Member of the Envato Team
  • Helped several times protecting Envato Market against copyright violations
  • Contributed a tutorial on Tuts+
  • Attended one of our Meetups around the world
+19 more
contrastblack Envato team says

Hey Brashell61,

Thanks for your report. Support will be in touch with you shortly on that ticket.
We appreciate your patience and understanding :)

1388 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Made it to the Authors' Hall of Fame
  • Has been part of the Envato Community for over 5 years
  • Has sold $250,000+ on Envato Market
+6 more
fuelthemes says

That looks more of a server related issue like file permissions.

3970 posts After Effects Templates
  • Contributed a free file of the month
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has referred 500+ members
+9 more
miseld says

Recently I found a security vulnerability in an item on code canyon that allowed for anyone with knowledge of the website file path, (or use traversals without a WAF or IDS active) to view any php file, i.e. the database connection information. I am frustrated because the author never replied and Envato is taking a long time to reply. Any suggestions on what to do other then just sit and wait? A simple google dork gave me a slew of sites that were vulnerable and the file has over 750 purchases. I saw the helpful hacker program but it doesn’t seem like its meant for marketplace items. Thanks.

2 days ago personally i’ve sent @Collis a great idea about support for items, if CEO and Developers accept it and implement it, buyers will never ever have a bad user experience, because before you click purchase button, you will exactly know do you have or not full support from the author.

For those who are curious, difference between you who don’t provide support and us who do is only in 1 little shiny badge :)

4 posts
  • Has collected 50+ items on Envato Market
  • Located in United States
  • Has been part of the Envato Community for over 2 years
  • Sells items exclusively on Envato Market
Brashell61 says

That looks more of a server related issue like file permissions.

I just successfully tested it on two sites on two servers as well as on localhost. It isn’t a file permission or server related issue. If you could see it, you would understand.

2400 posts aspire to create - create to inspire
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $125,000+ on Envato Market
  • Made it to the Authors' Hall of Fame
  • Had an item featured on Envato Market
+9 more
Creattive says

For those who are curious, difference between you who don’t provide support and us who do is only in 1 little shiny badge :)

Hey Misel,

I’m not sure if that’s a good idea. Some might say, better make support mandatory, as those without support won’t sell anyway if that comes true. This would at least not give the impression of envato tricking their authors into giving support.

Take a look at this thread and the concerns raised there: http://themeforest.net/forums/thread/question-about-rating-system-and-envatos-hypocritical-stance/133614

I do give support on all my items, but I’m a VH author. Support is not a fulltime job like on TF. We should have that in mind.

3970 posts After Effects Templates
  • Contributed a free file of the month
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has referred 500+ members
+9 more
miseld says


For those who are curious, difference between you who don’t provide support and us who do is only in 1 little shiny badge :)

Hey Misel,

I’m not sure if that’s a good idea. Some might say, better make support mandatory, as those without support won’t sell anyway if that comes true. This would at least not give the impression of envato tricking their authors into giving support.

Take a look at this thread and the concerns raised there: http://themeforest.net/forums/thread/question-about-rating-system-and-envatos-hypocritical-stance/133614 I do give support on all my items, but I’m a VH author. Support is not a fulltime job like on TF. We should have that in mind.

I agree Tobi, but for me support = knowledge. I would hire someone and pay him to develop Wordpress theme, then i could sell it here and earn a fortune + i don’t care about what buyers says, it’s not fair, not moral. We need to let our buyers to trust us, to believe in what we do, not to scam them and take $20-$30 even $80.
301 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $125,000+ on Envato Market
  • Made it to the Authors' Hall of Fame
  • Had an item featured in an Envato Bundle
+5 more
ichurakov says

I would hire someone and pay him to develop Wordpress theme, then i could sell it here and earn a fortune + i don’t care about what buyers says, it’s not fair, not moral. We need to let our buyers to trust us, to believe in what we do, not to scam them and take $20-$30 even $80.
I don’t think this scenario is possible. When you get several 1-star ratings, nobody will buy your theme. Moreover, you will loose money, because theme development (which match ThemeForest criteria) cost more then you earn. Even if you could sell 20 copies until your 1-star rating become public, you earn only $500. I’m sure theme development cost more.
by
by
by
by
by
by