Themes Requiring Updates

[Simon 248]

Please Note: Recent software such as DMS is not affected by this security advisory.

 

Three days ago we were alerted by Securi via email that there were a couple of problems with two of our legacy themes, namely PlatformPro and PageLines Framework.

 

We take security seriously, so we wasted no time updating the free versions of these themes on the WordPress Repo and updating the pro versions over here at pagelines.com

 

The following versions of the two themes have been patched and are available from your account area right now.

 

PlatformPro 1.6.2 [download]
PageLines Framework 2.4.6 [download]

 

If you are using the free versions of the two themes available on wordpress.org, those files have also been patched.

 

PageLines 1.4.6 [download]
Platform 1.4.4 [download]

 

In all cases you should see an update available in your WordPress admin area and should update right away.

In the event that you cannot update the theme we took the time to create a small plugin that will protect your site.

The plugin will work with all versions of both themes, just install and activate it for immediate protection.

 pl-security-patcher.zip

 

 

[trisquelmedia 7]

Thxs a lot for support!! updating..

[lakersalex 4]

I can't download the plugin pl-security-patcher.zip

 

Sorry, you don't have permission for that!

 

You do not have permission to view this attachment.

 

Can you provide a link to the plugin?

[Simon 248]

Also available here: http://www.pagelines.com/themes-requiring-updates/

[bartoncollege 0]

I'm running Platform Base 1.41 with Platform Pro 1.5.3.  Does the plugin cover those versions?  I apply the plugin and activate it, but the site gets hacked again after several hours.

[Simon 248]

The plugin works for any version of platformpro. If your site has already been hacked, if they even used platformpro as a way in, installing a plugin wont 'lock them out' as they have already compromised the server.

How do you know you have been hacked?

[bartoncollege 0]

Our page elements (boxes, features, etc.) were jumbled, and our list of majors was showings links to buy various pharmaceuticals.  Things seems to be okay now.  I completely deleted the contents of the root directory and restored from a backup that was a day older than what I thought was the last safe backup. Immediately, added the plugin again and also added the Sucuri Security plugin.  I think the Pagelines plugin is most likely fine.  I think using a too recent backup was probably the reason why it kept coming back.  I just wanted to check with you guys to be sure that my version was covered.

 

I've been playing with DMS 2 on a test server, so this incident will just speed the transition up. :-)

 

Thanks for answering my question and thanks for the plugin.

[bonnysteele 0]

I'm using Framework and pretty sure our site has been and still is hacked. I'm seeing all sorts of movie downloads in my link directory (image linked below) and some users have reported a malicious pop up suggesting a flash update. Others seeing this and possible suggestions? 

 

http://ewiconnect.com/images/Screen%20Shot%202015-02-05%20at%204.23.16%20PM.png

 

I just activated the patch plugin and I am running the latest version of Pagelines Framework. Help?

[Simon 248]

Installing the patch and updating the theme after you have been hacked isnt going to magically fix it im afraid.

 

http://codex.wordpress.org/FAQ_My_site_was_hacked

 

You will need to clean the site.

 

If you have a list of URLS being added to the site then search for those urls in the database.

 

Check all user accounts, remove any other admins, change your passwords.

[bonnysteele 0]

Thanks for the guidance. I found a test user account that was the source. Removed the account and all associated posts (there were 50+) and that seems to have taken care of it. All other passwords changed.

 

Gracias.