Jili t7 register online philippines no deposit bonus,Nice ph win.REGISTER NOW GET FREE 888 PESOS REWARDS!

webartist00
(@webartist00)

1 year, 4 months ago

Hi there,

I am using your plugin on several sites. Unfortunately now I get Messages that a vulnerability has discovered.

“WPS Limit Login v1.5.6
Low Race Condition vulnerability discovered by konagash (Patchstack Alliance) in WordPress Plugin WPS Limit Login (versions <= 1.5.6)”

Will that me solved within the next patch? Yes? When will the next update be launched?

Thank you very much in advance!

Kind regards,

Thomas

Viewing 15 replies - 1 through 15 (of 15 total)

strettonbull
(@strettonbull)

1 year, 3 months ago

Same applies to me. Following thread.

MaximeWPS
(@seinomedia)

1 year, 3 months ago

Hello,

Thanks for using WPS Limit Login.

Our dev team is working on a patch. We hope we’ll find a patch and release a new version very soon.

If you get a way to solve this vulnerability, we’ll be happy to check it ??

Thread Starter webartist00
(@webartist00)

1 year, 3 months ago

Thanks. Can you please inform me here as soon as the problem is solved. Thank you very much!

shaunek
(@shaunek)

1 year, 3 months ago

@seinomedia If your developer is struggling to find fix perhaps you can share more details on what the race condition is and we in the community can take a closer look. I might be able to spend an hour or two looking at it but I would like a little more direction on how to reproduce or otherwise get pointed out in the right direction before I commit some time.

MaximeWPS
(@seinomedia)

1 year, 3 months ago

Thanks @shaunek

A “race condition” happens when multiple processes or threads access shared resources or data simultaneously, and the outcome is dependent on the order in which these processes execute.

strettonbull
(@strettonbull)

1 year, 3 months ago

You’ve released an update, but the same critical vulnerability exists!

Thread Starter webartist00
(@webartist00)

1 year, 3 months ago

Indeed, the update hasn’t fixed it on my end as well.

MaximeWPS
(@seinomedia)

1 year, 2 months ago

Hello,

This issue doens’t exist anymore since the last release.

Can you check it, please ?

Thread Starter webartist00
(@webartist00)

1 year, 2 months ago

Hello Max – already have checked it, sadly the issue still exists in the version 1.5.7.

strettonbull
(@strettonbull)

1 year, 2 months ago

Yes – it’s still there, according to Wordfence.

MaximeWPS
(@seinomedia)

1 year, 2 months ago

Hello,

Wordfence, database isn’t up to date. This issue has been fixed.

The last release has been validated by Patchstack :
https://patchstack.com/database

shaunek
(@shaunek)

1 year, 2 months ago

@seinomedia Thanks for sharing and thanks for resolving for us.

As a side note it is kinda weird that the vuln report doesn’t even exist on Patchstack anymore. When I search for “WPS Limit Login” I get 1 result from 2019 but not the vuln discussed in this thread. But I do see that the Wordfence page links to a no-longer-working page on Patchstack (https://patchstack.com/database/vulnerability/wps-limit-login/wordpress-wps-limit-login-plugin-1-5-6-race-condition-vulnerability). Odd that the Patchstack page does a redirect and it isn’t searchable any longer.

strettonbull
(@strettonbull)

1 year, 2 months ago

I will re-install once Wordfence says it is safe to do so.

Thread Starter webartist00
(@webartist00)

10 months, 3 weeks ago

Hi, sorry for my delayed response! On my end, the vulnerable warning in Wordfence is still appearing. @strettonbull, is it working for you, or is it also still showing in Wordfence? No? What have you done to achieve that? Kind regards.

strettonbull
(@strettonbull)

10 months, 2 weeks ago

It’s still showing in Wordfence.

Viewing 15 replies - 1 through 15 (of 15 total)

The topic ‘Race Condition vulnerability discovered’ is closed to new replies.