Jili demo slot libre free download,Jilibet donnalyn login philippines download.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved criscp
(@criscp)

6 months, 1 week ago

Warning from Jetpack protect:

1 threat in your Kadence Blocks – Gutenberg Blocks for Page Builder Features 3.2.38

Kadence Blocks – Gutenberg Blocks for Page Builder Features (3.2.38)Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 – Contributor+ Stored XSSWhat is the problem?

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adminSee more technical details of this threat(opens in a new tab)

The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support Gilbert Hernandez
(@ghernkadence)

6 months, 1 week ago

Hello @criscp

To report security issues, you can view Kadence’s security disclosure. However, the Jetpack warning mentions an issue that was corrected in Kadence Blocks v3.2.35. Please be sure to update to the newest version of Kadence Blocks to avoid the threat. Unfortunately, it sometimes takes a while for third-party plugins to update their databases.

stphnwlkr
(@stphnwlkr)

6 months, 1 week ago

I sent this to the Kadence team last week. To date, there is not a fix that addresses all the issues.While the finding states <= to 3.2.34 it also states that there is no known fix. Version 3.2.35 and beyond have yet to address the issues. I know 3.2.36 added some sanitization updates, but until the “No known fix” statement is updated, the WP scanners will continue to identify this as a vulnerability.

Plugin Support Gilbert Hernandez
(@ghernkadence)

6 months, 1 week ago

Here is information showing that the vulnerability was patched.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3234-authenticated-contributor-stored-cross-site-scripting

As I mentioned, it can take some time for third-party plugins to update their databases.

Plugin Support karlalevelup
(@karlalevelup)

5 months, 3 weeks ago

Hi, @criscp

This vulnerability has been marked as patched. I’ll proceed to mark this topic as resolved.

If you have further questions or need additional assistance, feel free to start a new topic.

Regards,
Karla

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.