• Resolved matheusgobbo

    (@matheusgobbo)


    I received notification of a patchstack security flaw, do you intend to fix it?


Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support M Aqib Khan

    (@aqibkhan9)

    Hello

    I hope this message finds you well.

    Thank you for reaching out to our Support team. We are aware of this and are in contact with the Patch Stack team. Even though the vulnerability reported is of low severity, we are nonetheless working on it and will soon share a Beta version here; an update will also be released promptly.

    Your patience & understanding is highly appreciated.

    Warm regards,
    Support Team – WP Experts

    Gal Baras

    (@galbaras)

    This vulnerability requires Administrator privileges, and those privileges give a user full access to everything anyway, so it’s almost a non-issue, but it should be fixed nonetheless.

    Plugin Support M Aqib Khan

    (@aqibkhan9)

    Hello

    We understand your concerns and recognize the importance of security for everyone. We want to address the situation promptly and transparently to alleviate any worries you might have. Here’s an update regarding the reported vulnerability:

    Our team has thoroughly tested and attempted to replicate the issue on our end to identify a resolution. However, at this point, our findings indicate that the reported vulnerability is not reproducible, and it appears to be a false positive.

    It’s also important to clarify a key detail from the Proof of Concept (POC) document shared by Patch Stack. The document outlines that the interception scenario occurs only if an attacker has access to your administrator credentials. As a general security principle, anyone with administrator access inherently possesses the ability to make critical changes or cause harm, which underscores the need to safeguard your admin credentials.

    That said, we are in ongoing communication with the PatchStack team to thoroughly investigate the report, validate its authenticity, and determine the best course of action if necessary.

    We appreciate your understanding and patience as we work to ensure the utmost security for all users. Should you have further concerns or questions, please do not hesitate to reach out.

    Plugin Support M Aqib Khan

    (@aqibkhan9)

    Hello @matheusgobbo

    We have just released an update to resolve the reported vulnerability, and users can now update the plugin.

    I wholeheartedly appreciate our users for bringing this to our attention and for their collaborative and patient handling of the situation. Your support and understanding have been invaluable during this process.

    Should you have any further concerns or require assistance, please don’t hesitate to reach out.

    Warm regards,
    Support Team – WP Experts


    > Our team has thoroughly tested and attempted to replicate the issue on our end to identify a resolution. However, at this point, our findings indicate that the reported vulnerability is not reproducible, and it appears to be a false positive.

    So was it for real or a false positive? Just wondering, as I have many sites I should update. How bad is it?

    FYI Jetpack is still reporting a vulnerability in Post SMTP even in version 2.9.11.
