• Resolved pautgn

    (@pautgn)


    Hi,

    I see the changelog for 3.6.4.4 includes 2 vulnerability fixes:

    • Vulnerability – Update redirect_url param for review-banner-visibility endpoint to use wp_safe_redirect #331
    • Vulnerability – Fix permissions_callback for review-banner-visibility endpoint #330

    Can you provide more information? What can happen without updating? Is it something that needs to be updated asap? I like to update + test when I have time for that.

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Author Uncanny Owl

    (@uncannyowl)

    Hi @pautgn,

    Absolutely, we can definitely provide more context. Specific details aren’t public at this time (for obvious reasons, though more information will be available in 2 weeks), but we can point you in the right direction about impact.

    One is related to a redirect, where users could potentially be tricked into visiting an unexpected site from a link on your site. This could only be done by a user that’s logged in to your site and they would have to intentionally target a specific unpublished URL. The other has to do with how permissions are checked for an API. They are considered “Medium” severity.

    Certainly we recommend updating to the latest version, but you do have time to test.
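
The two fix classes named in the changelog, shown as an added illustration of the general hardened pattern in WordPress (this is not the plugin's code, and it does not describe the undisclosed issue). The `example/v1` namespace, the option name, the `manage_options` capability and the function name are hypothetical; the route and `redirect_url` parameter names are taken from the changelog lines, and the `register_rest_route()` argument key is `permission_callback`.

```php
<?php
// Added illustration, not the plugin's code. Namespace, option name,
// capability and function name are hypothetical.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/review-banner-visibility', array(
        'methods'  => 'GET',
        'callback' => 'example_set_banner_visibility',
        // A permission_callback of '__return_true' would let any caller reach
        // the callback. Here the route is tied to a capability instead.
        // With cookie authentication the request must also carry a valid REST
        // nonce, otherwise WordPress treats the caller as logged out.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'redirect_url' => array(
                'type'              => 'string',
                'required'          => false,
                'sanitize_callback' => 'esc_url_raw',
            ),
        ),
    ) );
} );

function example_set_banner_visibility( WP_REST_Request $request ) {
    // Hypothetical state change performed by the endpoint.
    update_option( 'example_review_banner_hidden', 1 );

    $target = (string) $request->get_param( 'redirect_url' );

    // wp_redirect( $target ) would follow any host supplied in the parameter.
    // wp_safe_redirect() validates the host against the list built by the
    // 'allowed_redirect_hosts' filter (the site's own host by default) and
    // falls back to the admin URL when the host is not allowed.
    wp_safe_redirect( '' !== $target ? $target : admin_url() );
    exit;
}
```

To allow redirects to an additional trusted host, add it through the `allowed_redirect_hosts` filter rather than switching back to `wp_redirect()`.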

  • The topic ‘About Vulnerability Fix on 3.6.4.4’ is closed to new replies.