• Resolved justaniceguy

    (@justaniceguy)


    Since a few days ago I have been getting a warning that WP Table Builder version 1.4.10 has a medium-risk vulnerability warning. The details are:

    Input validation vulnerability in Freemius SDK 2.5.9 (1072 components affected)

    • CVE-2023-33999
    • Severity: medium-risk
    • Status: Fixed
    • Publication: July 18, 2023

    The Freemius SDK for WordPress is vulnerable to an attack known as Reflected Cross-Site Scripting. This attack is possible because of insufficient security measures in versions of the Freemius SDK up to and including 2.5.9. An unauthenticated attacker could inject malicious web scripts in pages that could be executed by tricking a user into performing an action, such as clicking on a link.

    Additionally, quote: “Security analysts at Patchstack have discovered that the popular plugin is vulnerable to CVE-2023-33999. This security vulnerability identified in the Freemius WordPress SDK (versions 2.5.9 and below) has set alarm bells ringing in the WordPress community, potentially impacting the over 7 million sites that rely on the thousands of plugins and themes that use this SDK.” End of quote.

    I am not that techy but I am assuming that the plugin uses this component within itself and that’s why it has been flagged as vulnerable. 3 days ago Freemius published an updated SDK version (2.5.10) that patches this issue.

    Hopefully you will accordingly update the WP Table Builder plugin to include the patched version of the F SDK. Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Imtiaz Rayhan

    (@imtiazrayhan)

    Hi,

    Not sure why it was flagged but the current version of WP Table Builder is using Freemius SDK 2.5.10.

    It can be checked here https://plugins.trac.www.ads-software.com/browser/wp-table-builder/trunk/inc/core/freemius/start.php

    We updated it long before Freemius went public with the issue.

    Hope this helps.

    Kind regards.

    Thread Starter justaniceguy

    (@justaniceguy)

    Hello and sorry for the delayed reply. I was waiting for the answer from the SSL plugin support (since it was a vulnerability notification from their plugin).

    Anyway, they have checked the tech facts you have posted above, updated their vulnerability database and cleared the warning from the system.

    Thanks to my thread, if any of their 5+ million users of the Really Simple SSL plugin have the WP Table Builder plugin installed as well, they now have the warning cleared as well.

    Wish you a peaceful Sunday and a successful upcoming week.

    Cheers.
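
The check the plugin author points to above (reading the bundled SDK's `start.php`), as an added example that is not part of the thread or of either plugin's code: it scans a plugins directory for bundled Freemius SDK copies and flags any below 2.5.10. The `$this_sdk_version` assignment format, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (2, 5, 10)  # first fixed release named in the thread (CVE-2023-33999)
# Assumption: the SDK declares its version in start.php as
#   $this_sdk_version = 'x.y.z';
VERSION_RE = re.compile(r"\$this_sdk_version\s*=\s*['\"](\d+(?:\.\d+)*)['\"]")


def sdk_version(php_source):
    """Return the bundled SDK version as a tuple of ints, or None."""
    match = VERSION_RE.search(php_source)
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def audit(plugins_dir):
    """Map each bundled SDK copy (relative path) to (version, status)."""
    report = {}
    root = Path(plugins_dir)
    for start in sorted(root.rglob("start.php")):
        version = sdk_version(start.read_text(encoding="utf-8", errors="replace"))
        if version is None:
            continue  # some other start.php, not a Freemius SDK copy
        # Compare numerically: as strings, "2.5.9" sorts after "2.5.10".
        status = "patched" if version >= PATCHED else "vulnerable"
        report[start.relative_to(root).as_posix()] = (".".join(map(str, version)), status)
    return report


def demo():
    """Run the audit over a constructed plugins tree (sample data, not real sites)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "wp-table-builder/inc/core/freemius/start.php": "<?php\n$this_sdk_version = '2.5.10';\n",
            "example-plugin/freemius/start.php": "<?php\n$this_sdk_version = '2.5.9';\n",
            "other-plugin/start.php": "<?php\n// unrelated bootstrap file\n",
        }
        for rel, body in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.write_text(body, encoding="utf-8")
        return audit(tmp)


if __name__ == "__main__":
    for path, (version, status) in demo().items():
        print(f"{status:10} {version:8} {path}")
```

On a real site, pass the `wp-content/plugins` path to `audit()`; a scanner that matches only on the plugin's own version number, as in the warning discussed here, can disagree with what this file-level check finds.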

  • The topic ‘Plugin security ver 1.4.10 medium-risk vulnerability warning’ is closed to new replies.