All of our child themes for the Genesis framework have been updated. This is a serious security update and should be applied as soon as possible.
While there is nothing inherently wrong with any of our themes or Genesis itself, the problem lies with an errant file found in the font directory of each theme. The example.html
file is vulnerable to a cross-site scripting attack and should be removed immediately.
In each of our themes, navigate to the following directory (childtheme being the name of the actual child theme) …
childtheme/lib/font/
and remove the example.html
file.
Here is the exact location for each theme:
Benson
…/themes/benson/lib/font/example.html
BlogNews
…/themes/blognews/lib/font/example.html
Gigawatt
…/themes/gigawatt/lib/font/example.html
Malcolm
…/themes/malcolm/lib/font/example.html
Marcus
…/themes/marcus/lib/font/example.html
Raider
…/themes/raider/lib/font/example.html
Raven
…/themes/raven/lib/font/example.html
Sidney
…/themes/sidney/lib/font/example.html
Winfield
…/themes/winfield/lib/font/example.html
In each case delete the file named example.html
All of our themes on GitHub have been updated and that file has been removed.
Further reading: https://wordpress.org/news/2015/05/wordpress-4-2-2/
The post Security Update For Our Themes appeared first on WPCanada.