Recently all of Themify themes which I’ve been been using on my various blogs were compromised one by one. Vulnerability allowed spammers to exploit the loophole and turn them into email spam machine.
Luckily I had email spam protection in place on my host which diminishes the threat and I was saved from a major disaster.
I did some quick search to find out what is the problem and I found the culprit to be a very simple mistake which Themify folks have ignored. I applied the patch and all of the blogs are now secure. I didn’t do extensive research though as I didn’t have time but I’m sure that the problem which I found via quick investigation is the real problem and I hope there is no other major security hole in the themes.
I’m not disclosing the vulnerability and it’s solution so that not give other spammers upper hand. I’ve notified Themify folks though. I’ll keep updated if I receive any reply from them.
If you are affected then contact me via comment below and I’ll send you the simple solution.
It is really shame that premium theme authors let such simple mistake slip through in their themes.
I just received reply from Themify informing that this vulnerability has been already identified and they have update theme to fix it. Here is link to their blog.
Ignorance is not bliss! Only if they had informed theme buyers via e-mail about this vulnerability as soon as it was found then it would have saved my and others time and effort.