Home › Forums › Support Forum › Bricks Vulnerability › Reply To: Bricks Vulnerability
My definitions are of known threats which are to be removed from any files found to contain malicious code matching those patterns. It is rare that I would classify another plugin or theme as such a malicious threat, but I do report any vulnerabilities I find to the developers directly. It is only if those developers refuse to patch the exploit that I would take the initiative to flag and remove the threat in their code.
Since this vulnerability was discovered on February 10th and patched on February 13th, before it was even disclosed, I have no need to add it to my definitions, as users of this theme can simply upgrade to the latest version to be safe from this exploit.
If you have any information on this vulnerability (or the subsequent patch) that could make it more of a continuing issue for the greater community then I would ask you to contact me privately or contact the developers directly to share anything that might be helpful.
