Security Vulnerability

  • Resolved aimdoll

    (@aimdoll)


    1 year, 3 months ago

    Hello,

    I am sure you are aware that there is a security vulnerability in your plugin. The link to the page I need help with is to a description of the plugin vulnerability, outlined by WordFence. I thought I would give you a friendly reminder about the vulnerability and also am wondering when you might have the vulnerability patched? Thanks in advance for your support.

    Best Regards,

    Amy Singleton

    • This topic was modified 1 year, 3 months ago by aimdoll.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Regan Khadgi

    (@regankhadgi)

    Hello @aimdoll ,

    Thank you for notifying to us. We were not aware of this issue and this is the first time we had been contacted regarding this issue. But we will take this issue seriously and we will release an update with a fix as soon as possible.

    Thanks.

    Plugin Contributor Regan Khadgi

    (@regankhadgi)

    Hello @aimdoll ,

    We have already released an update with the fix. Please check and let us know if it still needs any further adjustments.

    Thanks.

    Hello r@regankhadgi,

    Please note that Wordfence are reporting that you have only partly resolved the issue. A nonce is not sufficient, you need to check the capabilities of the user to ensure they should be allowed to reset the plugin (using current_user_can( ‘manage_options’ ) or similar).

    Can you fix and release a new version?

    Many thanks.

    Plugin Contributor Regan Khadgi

    (@regankhadgi)

    Hi @stopps ,

    Thank you for looking by. We had made the necessary adjustments as per the suggestion and released a new update. Please check and let us know if it still need any adjustments.

    Thanks.

    Hi @regankhadgi ,

    Thanks for actioning this so promptly, we are rolling out the update and we can see Wordfence are now showing version 1.2.1 as a full patch.

    Thanks for a great plugin!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Security Vulnerability’ is closed to new replies.