• Resolved pautgn

    (@pautgn)


    Hi,

    I see that 3.6.4.2 changelog = “CVE-2023-23714 security fix in 1-click installer in a specific situation #309”.

    Can you please give more details?

    Should I update it asap?

    Regards.

Viewing 1 replies (of 1 total)
  • Plugin Author Uncanny Owl

    (@uncannyowl)

    Hi @pautgn,

    Great question!

    We definitely recommend updating and using the latest version, in this case and always.

    Without going into too much detail, there was a way for users with permission to install plugins (so usually only admins) to install a plugin from www.ads-software.com via the Toolkit. If perhaps an admin was tricked into doing something (and it would have to be very targeted and intentional), a plugin from www.ads-software.com could be installed on the site. Yesterday’s update adds a nonce check to block this scenario. It does only affect users who already have permission to install plugins though and the installed plugin would have to be from www.ads-software.com.

  • The topic ‘3.6.4.2 Security fix’ is closed to new replies.
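
What a nonce check of the kind the reply describes looks like in a WordPress admin handler, as an added example that is not part of the original thread and is not Uncanny Toolkit's code. The action name `example_one_click_install`, the `slug` parameter and both function names are hypothetical; the WordPress calls are the standard core API.

```php
<?php
// Hypothetical 1-click install handler (illustration only, not the plugin's code).

// Build the link shown to the admin. wp_nonce_url() appends a _wpnonce value
// bound to this action string and to the logged-in user's session.
function example_install_link( $slug ) {
    $url = add_query_arg(
        array( 'action' => 'example_one_click_install', 'slug' => $slug ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_one_click_install_' . $slug );
}

add_action( 'admin_post_example_one_click_install', 'example_handle_install' );

function example_handle_install() {
    // Capability check. On its own this does not stop a forged request: the
    // admin's browser attaches the auth cookie to any request sent to the site.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }

    $slug = isset( $_GET['slug'] ) ? sanitize_key( wp_unslash( $_GET['slug'] ) ) : '';

    // Nonce check. A page on another origin cannot read or predict _wpnonce,
    // so a request the admin did not start from example_install_link() dies here.
    check_admin_referer( 'example_one_click_install_' . $slug );

    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

    // Look the slug up in the plugin directory, then install from its download link.
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $api ) ) {
        wp_die( esc_html( $api->get_error_message() ) );
    }

    $upgrader = new Plugin_Upgrader( new Automatic_Upgrader_Skin() );
    $upgrader->install( $api->download_link );

    wp_safe_redirect( admin_url( 'plugins.php' ) );
    exit;
}
```

Binding the slug into the nonce action means a nonce issued for one plugin cannot be replayed to install a different one.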