The Ultimate Addons for Visual Composer v3.16.12 was released on 3rd May 2017. If you have not updated, please do so immediately. If you have already updated to the latest version, then you can sit back and relax.
- Stored XSS
- Remote Code Execution
Having fixed these vulnerabilities, we have also improved the overall security by checking user capabilities when performing any AJAX actions, checking nonces when submitting forms and overall improved sanitation of data to ensure nothing similar arises in the time to come.
We would like to thank WPHutte for reporting the vulnerabilities privately and giving us enough time to patch and release the updates before disclosing the information publicly.
Since this is a security update, we request you to make sure you update the Ultimate Addons for Visual Composer as soon as possible; so that nothing affects you in the near future.
If you have activated your license, you should get an update notification soon. Please update the plugin from the Updates page in your WordPress backend.
If you have received Ultimate Addons for Visual Composer bundled with a theme, you will have to contact your theme author for the latest version of the plugin or purchase independent license directly from us to receive automatic on-time updates and first party support.
Saying this, we just want to assure that we at Brainstorm Force, have always and will continue to deliver the best possible product that is both safe and useful to use.
Please feel free to get in touch with us, in case you need any further help. 🙂