Cross Site Request Forgery (CSRF)

Please fix and update – thank you!

• This reply was modified 3 months, 3 weeks ago by dwpro.

Any news on fixing this issue and updating?

Thanks

https://www.wordfence.com/threat-intel/vulnerabilities/id/26d28cb4-3cbd-4baf-968a-a3d37693306f?source=plugin

Hi, any news ?

Hello!
Why is dev. not answering this thread? ??

I’d emailed the dev a while back and the response was basically, it’s fixed but we didn’t mention it in the changelog.

I did ask why patchstack and WordFence were still flagging it as an issue in the latest version, if it had been fixed, but never got a response back!

Tried updating on 45 WordPress websites from 2.2.4 to 2.2.5 – they ALL end up in running through the update process without any errors but still displaying 2.2.4 incl. message “1 update available” afterwards.

First Clearfy didn’t get updates for endless times, then it’s always security patches – if they work.
Doesn’t feel very secure lately…

My site is still showing with this issue. Is it fixed?

Clearfy Cache <= 2.2.6 – Cross-Site Request Forgery

Description

The Clearfy Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.6. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.