Around 6,000 websites are affected by the vulnerabilities

Oct 16, 2012 08:36 GMT

Security researcher Janne Ahlberg has identified reflected cross-site scripting (XSS) vulnerabilities in four premium WordPress themes: BigBang, AirWP, ZigZag and Convergence.

XSS vulnerabilities are highly common in websites these days. They usually plague websites because developers fail to properly filter user inputs.

However, the problem is far more serious when such flaws are embedded in WordPress themes that are used by thousands of websites.

The expert has highlighted that the themes he identified as containing the security holes have been purchased by numerous website owners. BigBang was purchased by 1,229 users, AirWP by 946, and Convergence and ZigZag by close to 2,000 each.

This means that around 6,000 websites are affected just because the developers of these themes failed to properly secure them.

Although they have been told about the existence of the vulnerabilities, none of the developers has responded to Ahlberg’s notifications.