• Resolved Emielb

    (@emielb)


    Hi,

    Is the closure a matter of days before having it back online, or do we need to find a replacement for this plugin?

    Thanks!

Viewing 15 replies - 1 through 15 (of 29 total)
  • Also, any news on if there is a security issue or reasons for the closure would be much appreciated. Wordfence is warning about it on our websites, but I haven’t seen any news about whether there is actually a security issue.

    We have the same problem – Wordfence is warning. Is there a security problem?

    • This reply was modified 4 months, 1 week ago by Wichtel5.

    Hi,
    I just received a Wordfence notification too, because I use this plugin for a client’s website.

    The Wordfence alert was fired (and the ban from www.ads-software.com too I believe) because the plugin contains an unpatched security vulnerability.

    Maybe the developer is just on vacation and will provide a patch as soon as returning, but usually when a patch is detected, the developers are made aware of it way ahead of customers, in order to let them patch their plugins before the vulnerability is disclosed to the public.

    I strongly encourage you to remove the plugin from your websites. You can use the following plugin as a replacement: Safe SVG

    Note: I’m not linked to this plugin, I’m just sharing my thoughts.

    +1

    Looks like it is an unpatched CSS vulnerability, but that it can only be exploited by users with author-level access.

    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/svg-support/svg-support-255-authenticated-author-cross-site-scripting-via-svg

    flyzilla

    (@flyzilla)

    I also received the Wordfence warning email yesterday. This plugin’s page says it was closed on July 16—it’s been three days now.

    I’ll be looking for a replacement. If I remember correctly, SVG files are already quite “exploitable” by nature, so this issue still being unresolved at this point is a huge red flag. (Correct me if I’m wrong.)

    Thread Starter Emielb

    (@emielb)

    If you have many websites with this plugin, here is the WP-CLI command to replace this plugin with Safe SVG (the most popular equivalent plugin):

    wp plugin uninstall svg-support --deactivate
    wp plugin install safe-svg --activate
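
An added example, not part of the original post: the same two WP-CLI commands wrapped in a loop over several installs, skipping sites that do not have svg-support and reporting any site where the swap did not complete. The function names and the site paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): run the svg-support -> safe-svg swap
# over several WordPress installs. Site paths are supplied by the caller.

# replace_svg_plugin SITE_PATH
# Returns 0 = replaced, 1 = failed, 2 = svg-support was not installed.
replace_svg_plugin() {
    site_path="$1"
    if ! wp --path="$site_path" core is-installed >/dev/null 2>&1; then
        echo "FAIL  $site_path (not a working WordPress install)"
        return 1
    fi
    if ! wp --path="$site_path" plugin is-installed svg-support >/dev/null 2>&1; then
        echo "CLEAN $site_path (svg-support not installed)"
        return 2
    fi
    # Same two commands as in the post above, with each exit status checked.
    if ! wp --path="$site_path" plugin uninstall svg-support --deactivate >/dev/null; then
        echo "FAIL  $site_path (could not uninstall svg-support)"
        return 1
    fi
    if ! wp --path="$site_path" plugin install safe-svg --activate >/dev/null; then
        echo "FAIL  $site_path (svg-support removed, safe-svg not installed)"
        return 1
    fi
    echo "DONE  $site_path"
}

# replace_all SITE_PATH...
# Processes every path even if one fails; returns 1 if any site failed.
replace_all() {
    replaced=0; clean=0; failed=0
    for target in "$@"; do
        result=0
        replace_svg_plugin "$target" || result=$?
        case "$result" in
            0) replaced=$((replaced + 1)) ;;
            2) clean=$((clean + 1)) ;;
            *) failed=$((failed + 1)) ;;
        esac
    done
    echo "replaced=$replaced clean=$clean failed=$failed"
    [ "$failed" -eq 0 ]
}

# Usage: sh replace-svg.sh /var/www/site-a /var/www/site-b   (constructed paths)
[ "$#" -eq 0 ] || replace_all "$@"
```

A site reported as "svg-support removed, safe-svg not installed" has no SVG plugin active at all, so it needs a manual follow-up.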

    Any updates on the status of this getting back? I’m ready to replace with Safe SVG, but won’t if I don’t have to.

    Plugin Author Benbodhi

    (@benbodhi)

    Apologies for this! I was unfortunately logged out of the email monitoring the wp repo and have been really busy lately helping family on top of regular work and totally missed this issue until now.

    I’ll be submitting an updated version to the wp team for audit asap!

    jodzeee

    (@jodzeee)

    Thanks for the update @benbodhi!

    nhws

    (@nhws)

    tnx @benbodhi, hope you get it fixed soon.

    Looking forward to the update! We have several sites using this plugin.

    @benbodhi

    Can you share anything about the timeline for this?

    thx

    Plugin Author Benbodhi

    (@benbodhi)

    I have submitted an updated version to the plugins team so they can check it and reinstate the plugin in the repository. Just waiting to hear back now.

    Hopefully it’s not too long!

    Thanks for your patience.

    Thank you. Please let us know when the update is available for download. I have 59 sites using this plugin and would prefer not to have to replace it.
