• Resolved jenseo

    (@jenseo)


    Hi,
    I just got an email from my host telling me there’s a CSRF vulnerability in the following file:

    webappick-product-feed-for-woocommerce/includes/classes/template.php

    Have uninstalled the plugin, which is a shame, since it did a very good job. But of course we can’t use a plugin with vulnerabilities.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Ohidul Islam

    (@wahid0003)

    Hi,

    We have fixed the problem and released a new version. Thanks for reporting the problem to us.

    Thread Starter jenseo

    (@jenseo)

    Thanks for solving it so fast!

    In looking over the changes made in 1.5.24, there doesn’t appear to be any changes made related to cross-site request forgery (CSRF) protection. The only change looks like it is related to “Hex character encoding error for XML feed”. Are you sure the fix you intended to include was actually included in the new version?

    Plugin Author Ohidul Islam

    (@wahid0003)

    Yes, we have removed the file webappick-product-feed-for-woocommerce/includes/classes/template.php.
    That file was not used after version V1.5.15.

    That file was still in the plugin as of 1.5.24; you only removed it in 1.5.25, which was released after we asked our question and after you said it had been fixed, so the answer to the question would actually be “no”.

    We have contacted you about a cross-site request forgery (CSRF) vulnerability we have found in the current version of the plugin.

  • The topic ‘CSRF Security Vulnerability!’ is closed to new replies.