Patchstack vulnerability: <= 13.3.1 – Sensitive Data Exposure vulnerability

  • Resolved Steve

    (@thewebsmiths)


    7 months, 2 weeks ago

    Hi,
    My Plesk WP Toolkit has emailed me the following:

    WordPress Product Feed PRO for WooCommerce plugin <= 13.3.1 - Sensitive Data Exposure vulnerability
    Sensitive Data Exposure vulnerability discovered by Yudistira Arya (Patchstack Alliance) in WordPress Plugin Product Feed PRO for WooCommerce (versions <= 13.3.1)
    Source:?Patchstack

    Is this known / is there an update in the pipeline?
    Thanks

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Josh Kohlbach

    (@jkohlbach)

    Hi Steve,

    Thanks for bringing this to our attention ?? I haven’t had contact from PatchStack yet about this, but we’re in the middle of changing out account around with them. I’ll follow up.

    A Z

    (@ahmedzeidan)

    Getting the same notification using SolidWP

    Plugin Author Josh Kohlbach

    (@jkohlbach)

    Thanks for confirming @ahmedzeidan.

    Guys please do feel free to reach out via our support form here or support [at] adtribes dot io and send along the report you received.

    This is not yet solved. SolidWP is reporting this issue. Please resolve and share some more information.

    any updates ?

    Plugin Author Josh Kohlbach

    (@jkohlbach)

    Hi folks, we have finally made contact with PatchStack and have the information in hand.

    It is very minor and only happens if you have the debugging on. If you don’t, then there is no problem at all. The information it potentially exposes is also non-critical.

    This said, we’ll still be patching as soon as possible. Please keep an eye out this week.

    Plugin Author Josh Kohlbach

    (@jkohlbach)

    Hi all, please upgrade to 13.3.2 as soon as convenient. This includes the security fixes.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Patchstack vulnerability: <= 13.3.1 – Sensitive Data Exposure vulnerability’ is closed to new replies.