Elegant Themes

Hey all,

The error you are referring to (a[href*=#]:not([href=#])) was fixed in Divi pre WP 4.5. Just make sure you are using the latest version of Divi. We always keep it updated to make sure it’s compatible with the latest version of WP and the included JS libraries.

andryl , the extent of the fork is to replace our logo with theirs, add additional branding to each opt-in form, and use the free plugin as a method to up-sell their competing product at https://www.leadpages.net.

Thanks! We at ElegantThemes.com spent a year building this plugin in the form of Bloom. You can download and purchase the real version here:

https://www.elegantthemes.com/plugins/bloom/

LeadPages took it, added their logo, and released it here for free. Of course they are allowed to do that, but if you want to support the original developers at https://www.ElegantThemes.com, I would certainly welcome you to do so! We would love to keep making Bloom better and better ??

Glad you like it. ElegantThemes.com spent a year building this plugin in the form of Bloom before LeadPages took it, added their logo, and released it here for free.

Yep, looks like their “fork” just replaces our logo with theirs. Pretty cool…

What theme are you using?

This is a compatibility issue with our Foxy theme you are using, which calls to the old folder structure. We are updating our themes now to accommodate for the change in file path that has occurred in WooCommerce 2.1. Stay tuned of updates, or adjust the path in functions.php of your theme manually. Just search for /shop and replace it with /global, or swing by our forums if you need more help. Thanks for the patience.

This is a compatibility issue with our Elegant Theme you are using, which calls to the old folder structure. We are updating our themes now to accommodate for the change in file path that has occurred in WooCommerce 2.1. Stay tuned of updates, or adjust the path in functions.php of your theme manually. Just search for /shop and replace it with /global, or swing by our forums if you need more help. Thanks for the patience.

The header requires a featured image. Once you add it, it will include a video play button.

It may be renamed. I would also look for thumb.php

what is your url?

There are still many themes outside the repository that use the script. It’s worth checking your inactive themes for the file.

I have been troubleshooting several sites that have been hit with this attack. I notice 2 major hacks going around over the past few days. Once you have updated your theme and removed timthumb (or updated it), here is some info on how to help clean up your site.

If you have already been hit, then the first thing you should do is open wp-config.php and look for any suspicious code. Generally, you should delete everything after:

require_once(ABSPATH . ‘wp-settings.php’);

Check for suspicious whitespace as well. In one of the attacks, hundreds of lines of white space is been added to try and mask the malicious code.

Next open index.php and delete everything between:

require(‘./wp-blog-header.php’);

…

?>

After that I would re-install WordPress from within the WordPress Dashboard via the Updates tab to clean up the infected .js files. When you have done that I would probably run Clam-AV if you have it installed, as well as https://sitecheck.sucuri.net/scanner/. Clam will help pick up any suspicious code that has been obfuscated in base64.

Finally, be sure to change your MySQL passwords and wp-admin passwords just in case. It’s also worth mentioning that the timthumb vulnerability affects inactive themes as well. This script is very popular throughout the theme community. I would delete all of your inactive themes just to make sure you don’t have any timthumb.php files laying around.

This is due to an outdated version of timthumb.php on your server. You should update this file to the latest version, or use a theme that does not include the file.

I have been troubleshooting several sites that have been hit with this attack. I notice 2 major hacks going around over the past few days. Once you have updated your theme and removed timthumb (or updated it), here is some info on how to help clean up your site.

If you have already been hit, then the first thing you should do is open wp-config.php and look for any suspicious code. Generally, you should delete everything after:

require_once(ABSPATH . ‘wp-settings.php’);

Check for suspicious whitespace as well. In one of the attacks, hundreds of lines of white space is been added to try and mask the malicious code.

Next open index.php and delete everything between:

require(‘./wp-blog-header.php’);

…

?>

After that I would re-install WordPress from within the WordPress Dashboard via the Updates tab to clean up the infected .js files. When you have done that I would probably run Clam-AV if you have it installed, as well as https://sitecheck.sucuri.net/scanner/. Clam will help pick up any suspicious code that has been obfuscated in base64.

Finally, be sure to change your MySQL passwords and wp-admin passwords just in case. It’s also worth mentioning that the timthumb vulnerability affects inactive themes as well. This script is very popular throughout the theme community. I would delete all of your inactive themes just to make sure you don’t have any timthumb.php files laying around.

I have been troubleshooting several sites that have been hit with this attack. I notice 2 major hacks going around over the past few days. Once you have updated your theme and removed timthumb (or updated it), here is some info on how to help clean up your site.

If you have already been hit, then the first thing you should do is open wp-config.php and look for any suspicious code. Generally, you should delete everything after:

require_once(ABSPATH . ‘wp-settings.php’);

Check for suspicious whitespace as well. In one of the attacks, hundreds of lines of white space is been added to try and mask the malicious code.

Next open index.php and delete everything between:

require(‘./wp-blog-header.php’);

…

?>

After that I would re-install WordPress from within the WordPress Dashboard via the Updates tab to clean up the infected .js files. When you have done that I would probably run Clam-AV if you have it installed, as well as https://sitecheck.sucuri.net/scanner/. Clam will help pick up any suspicious code that has been obfuscated in base64.

Finally, be sure to change your MySQL passwords and wp-admin passwords just in case. It’s also worth mentioning that the timthumb vulnerability affects inactive themes as well. This script is very popular throughout the theme community. I would delete all of your inactive themes just to make sure you don’t have any timthumb.php files laying around.