By manipulating the name parameter, an attacker can inject malicious code into the application’s code, which can lead to session hijacking and other forms of attack.
VentureOne reported this issue to Envato, who promptly released a security update to close this XSS vulnerability.
Another issue with Envato Studio 22.04.0 is the Pollers > Broker Configuration where PollerConfig can be injected with a crafted payload to run a malicious code in the PollerConfig function.
RedTeam Cybersecurity reported this issue to Envato and was acknowledged soon after. A fix was released on March 28, 2018.
Envato Studio 22.04.0 has a Cross Site Request Forgery (CSRF) vulnerability in the Pollers > Broker Configuration where an attacker can craft a malicious request to run a malicious code. RedTeam Cybersecurity reported this issue to Envato and was acknowledged soon after. A fix was released on March 28, 2018.
Envato Studio 22.04.0 has a SQL Injection vulnerability in the Pollers > Broker Configuration where PollerConfig can be injected with a crafted SQL query to run a malicious code in the PollerConfig function. RedTeam Cybersecurity reported this issue to Envato and was acknowledged soon after. A fix was released on March 28, 2018.
Envato Studio 22.04.0 has a XSS vulnerability in the Pollers
Envato Elements
The following vulnerabilities were found in the Envato Elements plugin for WordPress.
Envato Studio 22.04.0 has a Cross Site Scripting (XSS) vulnerability in the Pollers > Broker Configuration where an attacker can craft a malicious request to run a malicious code. RedTeam Cybersecurity reported this issue to Envato and was acknowledged soon after. A fix was released on March 28, 2018.
Installing Envato Studio 22.04.0
Envato Studio 22.04.0 is a free and open-source software for web designers, developers, illustrators, photographers and other digital artists that allows you to create websites and web applications without needing any programming skills. Envato Studio 22.04 has been released on March 28th 2018 with multiple security fixes in order to protect your digital creations from malicious attacks.
First of all install the latest version of Envato Studio from here: https://www.envato.com/products/studio/download
You must have a valid license for Envato Studio installed in order to use it with WordPress or any other CMS out there as well as if you wish to create themes or plugins for WordPress or any other CMS out there, then you will need to contact their customer service to make sure they can support your project before proceeding further with the installation process below: https://www.envato.com/customer-service?
Once you have downloaded the installer please follow these instructions in order to install the latest version of Envato Studio into your WordPress site:
1) Navigate to your computer's 'C:\Program Files (x86)' folder and double-click on the 'setup' file that installs the software onto your computer desktop (or single-click on it).
2) In the installer that opens up after running 'setup', select 'Next'.
3) On this screen make sure
Install Envato Studio 22.04.0
To install Envato Studio 22.04.0, follow these steps:
1) Download and unzip the installer file to your desktop or other desired folder
2) Double-click on the installer file to start the installation process
Timeline
Published on: 08/29/2022 06:15:00 UTC
Last modified on: 09/01/2022 19:57:00 UTC