Specular – WordPress removed codeless-framework

#specular codeless deleted vulnerability wordpress

- 2 years, 4 months ago vkeith17
 Participant
 Hello!
 
 Got an email from WordPress saying that they found that the codeless-framework plugin/theme contains malware, and in order to protect my site the security system automatically removed it altogether, getting rid of features such as the codeless slider, portfolio grids, headers….
 
 After getting in touch with them and sending them the zip for the plugin/etc., they found the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit through shortcodes (lines 30-36 on the file).
 
 Is there a way a secure version could be provided and that I could regain the work that was put into preparing the website through it?
 
 UPDATE: This is what WordPress says is the exact issue that needs to be fixed by the author of the theme:
 
 Codeless Framework: Our systems have identified the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit trough shortcodes. (Lines 30-36 on the file). I would recommend contacting the plugin vendors about it. They can check the code on the file and provide you with a secure version. Layerslider: Here you have information about vulnerabilities for this plugin: https://wpvulndb.com/vulnerabilities/8822
 Versions from 6.2.1 and up are safe. You can get an updated version from the theme vendors and upload it to your site.
 Can you guys look into updating this so that the theme is functional and WordPress will stop removing the plugin?
 
 Thanks!
 
 This topic was modified 2 years, 3 months ago by vkeith17.
 
 This topic was modified 2 years, 3 months ago by vkeith17.
- 2 years, 4 months ago Ludjon
 Keymaster
 
 Hello, i sure you that no malware in original package on Themeforest.
 
 It’s more probably that you have a malware in some place in your host/server and it automatically expand to other folders and files. It happens when using downloaded premium themes/plugins for free on pirate websites.
 
 So please check your website entirely, after that, update theme get from Themeforest
 
 Thanks
- 2 years, 4 months ago vkeith17
 Participant
 
 This reply has been marked as private.
- 2 years, 4 months ago Ludjon
 Keymaster
 
 Ok, thanks for noticing us. This is not malware but a vulnerability that can be executed from an administrator from backend only. Will update ASAP
 
 Thank You
 - 2 years, 3 months ago vkeith17
 Participant
 
 Hi Ludjon,
 
 We are still trying to resolve this. We chatted with WordPress support and they told me that I should try reinstalling the plugin. We did, and it worked for a day until we got shut down again with the same message about it being automatically removed due to a vulnerability. As mentioned, we got this from a reputable site, it’s not pirated software. We *really* could use your help in fixing this. Is there a new updated plugin we can download so that our site will have full functionality? The issue is a big one because it totally impacts the look of our site and when WordPress kills it, we no longer have the images scrolling across the top which makes the site way less attractive/functional. Please get back to us ASAP!!!!
- 2 years, 3 months ago vkeith17
 Participant
 
 Thanks. Let me know when a fix is ready so I can re-install!
- 2 years, 3 months ago Ludjon
 Keymaster
 
 You’re welcome, will let you know as soon as possible :)
 
 If you like our theme and support, leave us a rating on Themeforest, it’s very important for us :)
 
 https://themeforest.net/downloads
 
 Thank You so much
 - 2 years, 3 months ago vkeith17
 Participant
 
 Hi Ludjon!
 
 We’re still waiting for a software update from your team. Do you have any news for us?
- 2 years, 3 months ago staciemercure
 Participant
 
 My network supplier said the same thing, it had malware and uninstalled my theme. I lost all my work. And, the codeless header is not working nor is the portfolio.
 
 Help!
- 2 years, 3 months ago Mirela
 Participant
 
 Hello,
 
 @staciemercure,
 Please add some wp and ftp credentials in your profile. The developer will check it asap.
 https://codeless.co/support/?ht_kb=add-private-login-credentials
 
 Best regards!
- 2 years, 3 months ago vkeith17
 Participant
 
 Staciemercure, did you get the problem fixed? Would love to know what the issue was because we are still struggling with this and our site looks awful. Also lost work. This sucks.
- 2 years, 3 months ago vkeith17
 Participant
 
 OK, I just got this from WordPress chat support:
 
 “Codeless Framework: Our systems have identified the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit trough shortcodes. (Lines 30-36 on the file).
 
 <span style=”-webkit-tap-highlight-color: rgba(0, 0, 0, 0); border: 0px; font-family: -apple-system, BlinkMacSystemFont, ‘Segoe UI’, Roboto, Oxygen-Sans, Ubuntu, Cantarell, ‘Helvetica Neue’, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; color: #3d4145; white-space: pre-wrap;”>I would recommend contacting the plugin vendors about it. They can check the code on the file and provide you with a secure version. Layerslider: Here you have information about vulnerabilities for this plugin: https://wpvulndb.com/vulnerabilities/8822<span style=”-webkit-tap-highlight-color: rgba(0, 0, 0, 0); border: 0px; font-family: -apple-system, BlinkMacSystemFont, ‘Segoe UI’, Roboto, Oxygen-Sans, Ubuntu, Cantarell, ‘Helvetica Neue’, sans-serif; font-size: 14px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; color: #3d4145; white-space: pre-wrap;”> Versions from 6.2.1 and up are safe. You can get an updated version from the theme vendors and upload it to your site”. 
 
 Can you guys help with an update please?
- 2 years, 3 months ago vkeith17
 Participant
 
 “Codeless Framework: Our systems have identified the following file “codeless-framework/include/shortcodes/preview-shortcode-external.php” to contain a vulnerability that allows an exploit trough shortcodes. (Lines 30-36 on the file). I would recommend contacting the plugin vendors about it. They can check the code on the file and provide you with a secure version. Layerslider: Here you have information about vulnerabilities for this plugin: https://wpvulndb.com/vulnerabilities/8822
 
 Versions from 6.2.1 and up are safe. You can get an updated version from the theme vendors and upload it to your site”
- 2 years, 3 months ago Mirela
 Participant
 
 Hello,
 
 Please re-download theme files from your Envato > Downloads. Then replace the current files in your wp-content/themes folder in the server. Read this section of documentation for more details: https://codeless.co/documentation/main.html#update_theme
 
 Best regards!