Logo

Critical Security Vulnerability Found in BD Elements Pack Plugin (Closed)

Michael Costanzo
·
Updated ·
4 replies
User Avatar
Michael Costanzo

Hi, I just installed wordfence and it said I should disable the BDThemes Element Pack Pro that ships with UIcore on all my sites. I can't see any way to update it to a patched version. Do you have an update for it available to users that can be pushed to us?

Info below:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bdthemes-element-pack/element-pack-pro-774-authenticated-contributor-arbitrary-file-read-and-phar-deserialization

Thanks

User Avatar
Malik Ihtasham
STAFF

Hi Michael,

We always release new updates for ElementPackPro with our theme updates. You can update your theme by going to Theme Options > Updates to update it to the latest version.

User Avatar
Michael Costanzo

I have done this. When i click the Check for Updates button in the plugin, nothing happens. Also, there is no option for "Enable auto updates" either. If i go to Elements Pack Pro > License, it says it's active. What else can I do?

User Avatar
Malik Ihtasham
STAFF

Hi Michael,

Let's try the following steps and see if this helps:

  1. Reconnect your website to your account by going to Theme Options > Updates and then update the theme.
  2. If the above step doesn't help, you can download the theme from your account and upload it by going to Dashboard > Themes > Add new. After uploading you can reinstall the theme by going to Theme Options > Updates.