Plugin is compromised

Viewing 4 replies - 1 through 4 (of 4 total)

  • Has this been fixed? I see this in the 4.2.7 changelog note:

    Fix vulnerabilities issue of Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode.

    That sounds like it could be describing this vulnerability but not positive. Any official confirmation?

    Edit: just found this thread where the dev posted that it’s been updated and resolved. So hopefully we’re good to go for now?

    • This reply was modified 10 months, 3 weeks ago by harmolipi. Reason: Found a response from the dev
    Plugin Support Jawad Ahmed

    (@jawada)

    Hi @calhas

    We are sorry to hear that you are having this issue. This issue has been addressed in our last update and users with the older versions are experiencing this issue, we kindly request you to update the plugin to the latest version. The issue occurred to those sites who have multisite features enabled. 

    Please also, check your custom JS/CSS menu under the popup and if you have any unknown code, please remove it. Also, please make sure you don’t have any unknown admin account on your site.

    I hope this will help. If you require further assistance or have any additional questions, please don’t hesitate to contact us through our support portal. Our team is always here to help!

    https://help.popup-builder.com/en/

    Sincerely,

    Plugin Support Jawad Ahmed

    (@jawada)

    Hi @harmolipi

    Thank you for your assistance here, we really appriciate it.

    Regards

    @jawada That’s good to know, thanks for confirming.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Plugin is compromised’ is closed to new replies.