[FIXED] Templatic Tevolution and Directory exploits solved since 2016


Our aim at Templatic is to help you build beautiful, feature-rich and secure websites, effortlessly. This is why, besides working on newer and better WordPress solutions, we also keep a check on our existing products. Directory, being one of our best and most widely used products, is also checked and updated often.

We always try to make our code more secure and test our WordPress templates vigorously before releasing them. But as they say, “To err is human”, and code is a very complex thing. Moreover, there are hackers who keep looking for such exploits. And last year a security vulnerability was found in Tevolution.

Vulnerability found and SOLVED

In 2016, hackers discovered a backdoor in Tevolution. Word about the Tevolution exploit spread through blog posts about Tevolution exploits, the Templatic tmp exploit and the directory back door, a video on the directory hack, etc. As soon as it came to our notice, our developers quickly found the problem and blocked the exploit to avoid any further security issues.

How did it happen?

The hackers used curl, or cURL (which stands for client URL). This is a Linux-based command-line tool through which you can send a request and get the response.

They wrote a code snippet using curl that could target a directory website and upload files to that server. The Tevolution source code had a file with the code to upload an image. This image upload file had the vulnerability, and it could be called on the hacker’s server through curl. This would let them upload any kind of file, which would ultimately end up on the hacked directory’s server.

With this vulnerability, the hackers were therefore able to upload suspicious files to the site’s server.

What was the risk?

With the Tevolution exploit, the hackers were able to upload files to the directory-based website. This proved to be a threat to the security and the functioning of your WordPress website.

We understand the seriousness of this kind of vulnerability, and the problem was solved as soon as it came to our notice. But even in that short time, there was a surge of articles on the internet about the Tevolution hack, the directory exploit, the Templatic hack, etc.

However, this issue has now been completely resolved, and the back door to Directory is permanently blocked.

What was the solution?

On September 26th, we released a new update that would permanently fix this problem. Along with this fix, we ran a thorough security check to ensure that there is no such weakness that could pose a threat to the security of your online Directory.

What we changed in our theme files was to disable the vulnerability exploited through curl code. cURL snippets had enabled the image upload file to be called on a different server. With the new security update, it was confirmed that such exploits were totally blocked, making your online directories safe and secure from hackers.
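The patched code itself is not shown on this page. As an added illustration (not Templatic's code), this is the general shape of a WordPress image upload endpoint that an anonymous curl request cannot drive. The action name `example_image_upload`, the `nonce` parameter and the `image` form field are hypothetical.

```php
<?php
// Added example, not the Tevolution source. All "example_" names are hypothetical.

// Refuse to run when the file is requested directly by URL instead of
// being loaded by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Register only the logged-in hook. With no wp_ajax_nopriv_ counterpart,
// unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_image_upload', 'example_handle_image_upload' );

function example_handle_image_upload() {
    // 1. The request must carry a nonce issued to this user's upload form.
    check_ajax_referer( 'example_image_upload', 'nonce' );

    // 2. The user must hold the capability WordPress uses for media uploads.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'You are not allowed to upload files.', 403 );
    }

    if ( empty( $_FILES['image'] ) || UPLOAD_ERR_OK !== $_FILES['image']['error'] ) {
        wp_send_json_error( 'No file received.', 400 );
    }

    // 3. Allowlist of image types; everything else is rejected.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );

    // Checks the extension against the allowlist and, for images, compares
    // the real content type with the one the extension claims.
    $check = wp_check_filetype_and_ext( $_FILES['image']['tmp_name'], $_FILES['image']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'Only JPEG, PNG and GIF images are accepted.', 415 );
    }

    // 4. Let WordPress sanitise the file name and move the file into uploads.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['image'], array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```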

The newer versions already have the fix

When the issue was resolved, a security update was released with an email newsletter to all the customers informing them about the latest security fix.

It’s natural to feel a little concerned once we hear about security issues. After all, it is the security of your website that’s at stake.

However, the problem was permanently solved. The Directory Software and the Tevolution Plugin now available for download already contain the fix, and the security of your website is intact.

...And your Directory is totally secure now

The security and smooth functioning of the websites built with our themes are more important to us than anything else. Security is an important aspect, especially with all the hackers keeping an eye on websites to find a back door.

But with all of those events taking place, we are more focused on the security of our users and more determined to provide excellent WordPress solutions that are not just beautifully designed and feature-rich, but also secure.

Additionally, read this article on WordPress security to protect your site on the internet.
