-
-
Hello!
Got an email from WordPress saying that they found that the codeless-framework plugin/theme contains malware, and in order to protect my site the security system automatically removed it altogether, getting rid of features such as the codeless slider, portfolio grids, headers….
After getting in touch with them and sending them the zip for the plugin/etc., they found the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit through shortcodes (lines 30-36 on the file).
Is there a way a secure version could be provided and that I could regain the work that was put into preparing the website through it?
UPDATE: This is what WordPress says is the exact issue that needs to be fixed by the author of the theme:
Codeless Framework: Our systems have identified the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit trough shortcodes. (Lines 30-36 on the file). I would recommend contacting the plugin vendors about it. They can check the code on the file and provide you with a secure version. Layerslider: Here you have information about vulnerabilities for this plugin: https://wpvulndb.com/vulnerabilities/8822
Versions from 6.2.1 and up are safe. You can get an updated version from the theme vendors and upload it to your site.</p>
Can you guys look into updating this so that the theme is functional and WordPress will stop removing the plugin?Thanks!
-
Hello, i sure you that no malware in original package on Themeforest.
It’s more probably that you have a malware in some place in your host/server and it automatically expand to other folders and files. It happens when using downloaded premium themes/plugins for free on pirate websites.
So please check your website entirely, after that, update theme get from Themeforest
Thanks
-
-
Ok, thanks for noticing us. This is not malware but a vulnerability that can be executed from an administrator from backend only. Will update ASAP
Thank You
-
Hi Ludjon,
We are still trying to resolve this. We chatted with WordPress support and they told me that I should try reinstalling the plugin. We did, and it worked for a day until we got shut down again with the same message about it being automatically removed due to a vulnerability. As mentioned, we got this from a reputable site, it’s not pirated software. We *really* could use your help in fixing this. Is there a new updated plugin we can download so that our site will have full functionality? The issue is a big one because it totally impacts the look of our site and when WordPress kills it, we no longer have the images scrolling across the top which makes the site way less attractive/functional. Please get back to us ASAP!!!!
-
-
Thanks. Let me know when a fix is ready so I can re-install!
-
You’re welcome, will let you know as soon as possible :)
If you like our theme and support, leave us a rating on Themeforest, it’s very important for us :)
https://themeforest.net/downloads
Thank You so much
-
Hi Ludjon!
We’re still waiting for a software update from your team. Do you have any news for us?
-
-
My network supplier said the same thing, it had malware and uninstalled my theme. I lost all my work. And, the codeless header is not working nor is the portfolio.
Help!
-
Hello,
@staciemercure,
Please add some wp and ftp credentials in your profile. The developer will check it asap.
https://support.codeless.co/?ht_kb=add-private-login-credentialsBest regards!
-
Staciemercure, did you get the problem fixed? Would love to know what the issue was because we are still struggling with this and our site looks awful. Also lost work. This sucks.
-
OK, I just got this from WordPress chat support:
“<span style=”color: #3d4145; font-family: -apple-system, BlinkMacSystemFont, ‘Segoe UI’, Roboto, Oxygen-Sans, Ubuntu, Cantarell, ‘Helvetica Neue’, sans-serif; font-size: 14px; white-space: pre-wrap;”>Codeless Framework: Our systems have identified the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit trough shortcodes. (Lines 30-36 on the file).</span>
<span style=”-webkit-tap-highlight-color: rgba(0, 0, 0, 0); border: 0px; font-family: -apple-system, BlinkMacSystemFont, ‘Segoe UI’, Roboto, Oxygen-Sans, Ubuntu, Cantarell, ‘Helvetica Neue’, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; color: #3d4145; white-space: pre-wrap;”>I would recommend contacting the plugin vendors about it. They can check the code on the file and provide you with a secure version. Layerslider: Here you have information about vulnerabilities for this plugin: </span>https://wpvulndb.com/vulnerabilities/8822<span style=”-webkit-tap-highlight-color: rgba(0, 0, 0, 0); border: 0px; font-family: -apple-system, BlinkMacSystemFont, ‘Segoe UI’, Roboto, Oxygen-Sans, Ubuntu, Cantarell, ‘Helvetica Neue’, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; color: #3d4145; white-space: pre-wrap;”> Versions from 6.2.1 and up are safe. You can get an updated version from the theme vendors and upload it to your site”. </span>
Can you guys help with an update please?
-
“Codeless Framework: Our systems have identified the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit trough shortcodes. (Lines 30-36 on the file). I would recommend contacting the plugin vendors about it. They can check the code on the file and provide you with a secure version. Layerslider: Here you have information about vulnerabilities for this plugin: https://wpvulndb.com/vulnerabilities/8822
Versions from 6.2.1 and up are safe. You can get an updated version from the theme vendors and upload it to your site”
-
Hello,
Please re-download theme files from your Envato > Downloads. Then replace the current files in your wp-content/themes folder in the server. Read this section of documentation for more details: https://codeless.co/documentation/main.html#update_theme
Best regards!
-
You must be logged in to reply to this topic.