Livemesh addons threat

  • Resolved sohamhaldankar

    (@sohamhaldankar)


    4 months, 2 weeks ago

    I am being given threat issues by jetpack regarding this plugin.

    I am getting 4 threats. I will paste the message of one of the threats I am getting- “The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin’s widgets through the ‘style’ attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.”

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author livemesh

    (@livemesh)

    They all have been resolved few days back and has been confirmed by the WordPress plugins review team. I expect the plug-in to be taken out of these notices in next 2-3 days. Pls note that these affect only when the hacker has editor privileges on your site. That person should have an account with elementor access and they must use specialized tools to intercept the plug-in data.

    Thread Starter sohamhaldankar

    (@sohamhaldankar)

    Ok thanks.
    I will be waiting for these notices to go away.

    Plugin Author livemesh

    (@livemesh)

    The plugin is back for download at www.ads-software.com and the notices should go away in couple of days.

    I have informed the wordfence team to remove these notices for newer versions of the plugin. Thanks

    Tara Claeys

    (@taraclaeys)

    This alert is still coming from Wordfence for the Premium version of this plugin. Can you advise?

    Plugin Author livemesh

    (@livemesh)

    What is the exact error message? Is it mentioning a particular version number? Are you on the latest version of the plugin?

    We have resolved all the errors reported by wordfence but I will check with them once anyway.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.