Excellent plugin, security flaw, needs update

  • Wordfence is telling me to uninstall this plugin please update it as it’s always been extremely useful.

    This is what they say:

    The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.30.10. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author YARPP

    (@jeffparker)

    Hi?@rhubub

    We’re working on resolving the issue. Unfortunately, we weren’t notified by the reporting party, which is the standard practice before any vulnerability is published. We have since reached out to them and are awaiting details on how to replicate the bug. For those interested, you can track our progress on this issue here: https://www.ads-software.com/support/topic/update-713/. As noted by the reporter, this issue has “a low severity impact and is unlikely to be exploited.”? Details in the link.

    Plugin Author YARPP

    (@jeffparker)

    Hi?@rhubub?We are pleased to share that the issue has been resolved in version 5.30.11, and both Patchstack and Wordfence have verified the patch, marking it as fixed. If possible, we’d greatly appreciate it if you could reconsider your review based on these updates. Your support is invaluable, and we’re committed to keeping the plugin secure and reliable. Please let us know if there are any other concerns. Thanks again for your patience and support!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this review.