DO NOT USE: Cross-Site Scripting (XSS) and DoS Vulnerabilities

Hi @vitago,
Thanks for choosing IntellyWP products.?
?
We’re sorry for the delay, we’re working to a major update with new features, including the fix for the following vulnerability.

?Could you please send an email to [email protected] to open a ticket in our tech team helpdesk and receive this fix?

Thank you.
?
?Have a nice day
?
?Alex.

Hi Alex,

I’ll reach out to you by E-mail. Removing the rating, as i think it’s good you respond and actively are doing something to prevent this. Though I think issues like this should be pushed via an security fix, and not wait for some features to be pushed with it.

Hi Jesper,
Thank you so much.

I sent you the plugin from our helpdesk.

We hope to release this update as soon as possible.

Let me know.

?Have a nice day
?
?Alex.

Any update yet? I agree with @vitago dat this should be resolved in a security update and not wait for the big functional update!

Hi Jos,
Thanks for choosing IntellyWP products.?

Unfortunately this update is not still available.

?Could you please send an email to [email protected] to open a ticket in our tech team helpdesk and receive this fix?

Thank you.
?
?Have a nice day
?
?Alex

I’ve sent an email to support and a report to [email protected], because this isn’t the right way to patch known vulnerabilities!

I think it’s the right decision to bring in the wp team. This issue has been open since 04/04/2017.

Hi Jos,

I sent you the plugin from our helpdesk right now.

Let me know.

?Have a nice day
?
?Alex.

How do I know that the vulnerability is actually fixed if a third party can’t test it? That’s why the update should be released as a security update.

Hi Jos

Could you please send us an email to [email protected] about that?

You can follow the report from DefenseCode
https://www.defensecode.com/advisories/DC-2017-01-020_WordPress_Tracking_Code_Manager_Plugin_Advisory.pdf

Let me know.

?Have a nice day
?
?Alex.

NO

I’m not going to repeat myself, when you refuse to fix a vulnerability in your plugin. The report says your plugin is vulnerable and that’s why I’ve asked you to release a security update! You already know my question, so I’m waiting for an answer. The WordPress Plugin Team is already notified and they have removed this plugin from the repository.

Why not just release a security fix? This is really unprofessional. Glad this plugin has been taken off the repo.

Thanks for your help Jos.

Hi Guys,
I’m Alex, Lead Developer of LeadsBridge.
First of all, I want to apologize about this issue.
We already fixed this and we are waiting for the WP approval.

This issue was present in an unused code so fixing this is very easy, just comment and everything will be OK.

Sorry again for our slow speed but unfortunately was not scaled to the correct person.
Thanks again for your help, I’ll update here once approved.

Thanks, Alex.

Hi Alex,

Thanks for your response. Glad to hear the issue has been fixed, and you are in contact with the WP team.
Looking forward to it being back on the repo.

Another time, be sure to deploy features and security updates separate.

Best regards,
Jesper