  • #619892
    authenticpic
    Participant

    Got this email today from Envato:

    We are getting in touch to let you know about multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015). This plugin was included in items you’ve purchased (listed below).
    We have been working with WP Bakery, the creators of Visual Composer, who have addressed all identified vulnerabilities and undertaken a code audit to ensure that it is as secure as possible. Theme authors whose items include Visual Composer have been instructed to make sure their items accommodate this upgrade. Items that include older versions of Visual Composer will be disabled from the market until this change is made.
    Affected Items
    Your items that include Visual Composer:
    • X | The Theme
    What You Should Do
    In order to secure your item from these vulnerabilities we strongly encourage you to update to version 4.7.4 or later as soon as possible. We recommend you take the following steps to secure your sites immediately, after first backing up your WordPress site.
    Visual Composer Plugin Update Steps
    • Log in to codecanyon.net and proceed to download the latest version of Visual Composer to your computer from this URL: http://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
    • Locate and unzip the downloaded plugin file.
    • Connect to your server using an FTP client and upload the js_composer directory (from the downloaded zip file) to the wp-content/plugins/ directory. (Note: This will overwrite the old Visual Composer files with the secure versions.)
    • Log into WordPress and navigate to the Plugins page to confirm the Visual Composer plugin is version 4.7.4
    The link to the latest version, provided above, will be live for 3 weeks from the time this email was sent. After this period, you will need to access the latest version via your theme zip file.
    Please note: This replaces the existing plugin under the licensing of the theme(s) you’ve purchased and is only licensed for use in these themes.
    Your Security is Our Priority
    We take security seriously at Envato. When we receive security vulnerability reports for items sold on our marketplaces, we work as quickly as possible to validate the report, investigate risk and determine the best course of action for the security of our community.
    On behalf of the plugin creator and Envato, we’d like to apologize for this inconvenience and assure you that security is and always will be our priority.

    #620017
    TushitaKBC
    Participant

    Got the same email. Clicked on the plugin and updated. You have to have X 4.1.1

    #620091
    Christian
    Moderator

    Thanks for chiming in Tushita. That is right. You need to update to version 4.1.1 of X then update Visual Composer.

    #620124
    kinglis
    Participant

    I have X 4.1.1 installed, but when I go to Plugins, I don’t see Visual Composer on the list. Any ideas how I can get it to show? Do I still need to download?

    #620180
    Thai
    Moderator

    Hi @kinglis,

    In this case, would you mind providing us with login credentials so we can take a closer look? To do this, you can make a post with the following info:

    – Link to your site
    – WordPress Admin username / Password
    – FTP Account

    Don’t forget to select Set as a private reply. This ensures your information is only visible to our staff.

    Thanks.

    #620183
    hjaffer
    Participant

    Here’s what I get when I go to update the plugin.

    “An error occurred while updating WPBakery Visual Composer: Update package not available.”

    Any idea what that is?

    #620209
    Christopher
    Moderator

    Hi there,

    Please try to update it manually. To do so, please download the X Theme folder from Theme Forest; you can locate the “js_composer.zip” file under (“X/framework/plugins/”). Then unzip the plugin file and use an FTP client (FileZilla Client) to upload it into your server's (“ROOT/wp-content/plugins/”) folder. Make sure to overwrite the existing js_composer folder.

    Hope it helps.

    #620284
    Stefan
    Participant

    Same as kinglis. I have X 4.1.0 installed, I didn’t see Visual Composer on the list before I downloaded the new plugin file. Now it is there.

    #620372
    Rupok
    Member

    Hi @kitexcite

    Thanks for sharing. Let us know if you face any issue.

    Cheers!

    #621331
    kinglis
    Participant
    This reply has been marked as private.
    #621412
    Jack
    Keymaster

    Hi there @kinglis,

    Even if Visual Composer is deactivated, but is an older version, it should still be updated, as otherwise the files are still on your site and could be exploited by someone. I’d highly recommend upgrading, even if Visual Composer isn’t used/activated.

    Thank you!
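
The reply above notes that an outdated copy of Visual Composer is a risk even when it is deactivated, so the check has to look at the files on disk rather than at the active-plugins list. The script below is an added example, not part of the thread and not Themeco or WPBakery code; it assumes shell access to the server, a `sort` that supports `-V`, and a standard `Version:` plugin header, and the fixture file name `js_composer.php` is constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: report the on-disk Visual Composer version, activated or not.
FIXED_VERSION="4.7.4"   # first fixed release named in the Envato email

# Print the "Version:" header found in a plugin directory's top-level PHP files.
# The header lives in the file itself, so it is readable for inactive plugins too.
plugin_version() {
    local dir="$1" f v
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        v=$(head -n 40 "$f" \
            | sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' \
            | head -n 1)
        if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    done
    return 1
}

# True when version $1 sorts strictly before $2 (numeric per component, so 4.12 > 4.7.4).
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Prints "absent", "unknown", "vulnerable <ver>" or "ok <ver>" for a WordPress root.
check_visual_composer() {
    local dir="$1/wp-content/plugins/js_composer" ver
    if [ ! -d "$dir" ]; then echo "absent"; return 0; fi
    if ! ver=$(plugin_version "$dir"); then echo "unknown"; return 0; fi
    if version_lt "$ver" "$FIXED_VERSION"; then echo "vulnerable $ver"; else echo "ok $ver"; fi
}

# Constructed fixture: a throwaway WordPress tree holding the given plugin version.
make_fixture() {
    local root ver="$1"
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins/js_composer"
    printf '<?php\n/*\nPlugin Name: WPBakery Visual Composer\nVersion: %s\n*/\n' "$ver" \
        > "$root/wp-content/plugins/js_composer/js_composer.php"
    printf '%s\n' "$root"
}

if [ "$#" -gt 0 ]; then   # usage: script /path/to/wordpress [...]
    for root in "$@"; do printf '%s: %s\n' "$root" "$(check_visual_composer "$root")"; done
else                      # no arguments: demo on constructed fixtures
    for v in 4.7.3 4.7.4 4.12.1; do
        root=$(make_fixture "$v")
        printf '%s -> %s\n' "$v" "$(check_visual_composer "$root")"; rm -rf "$root"
    done
fi
```

An "unknown" result means the `js_composer` directory exists but no version header could be read, which is worth a manual look rather than being treated as clean.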

    #622505
    authenticpic
    Participant

    Hi there:
    Thanks for all the activity – So I just checked and I do not have Visual Composer as a plugin at all. Question is, should I have it? Was it previously included with older versions of X? I automatically updated to 4.1.1 when it was released.
    Thanks for your support

    #622608
    Lely
    Moderator

    Hello There,

    You’re welcome!
    It is a bundled plugin of X. Since X is stopping development for Visual Composer as of X V4.0, it is not advised to use it on a new site. This link might help: https://community.theme.co/forums/topic/cornerstone-and-visual-composer/#post-285285

    #624341
    authenticpic
    Participant

    Thanks again for your support / help.

    #624343
    Paul R
    Moderator

    You’re welcome! 🙂
