• Resolved nickmerk

    (@nickmerk)


    Please advise on this security issue we received from our host.

    At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified resources that may be utilizing a vulnerable version of the wp-table-builder plugin.

    The vrnevada on dpvideo is running version 1.5.0.
    The everysmile on dpvideo is running version 1.4.15.

    WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitor’s browser can be abused to steal information, or modify site configuration.

    This vulnerability’s information has been verified by WPScan. Please note that questions related to this notification should be directed to WPScan, the plugin Author or the 3rd-party researcher for the most accurate information.

    Resources providing further information on this vulnerability:

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3282
    https://research.cleantalk.org/cve-2024-3282/
    https://wpscan.com/vulnerability/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15

    There does not appear to be a fix for this update at this moment and we recommend updating when one becomes available.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Imtiaz Rayhan

    (@imtiazrayhan)

    Hi,

    In the latest update, we fixed a security issue similar to this.

    We will coordinate with WPScan to see if it’s the same issue.

    We are investigating it right now.

    If a further fix is needed, we will fix and release an update as soon as possible.

    We apologize for any inconvenience.

    Kind Regards.

    Thread Starter nickmerk

    (@nickmerk)

    Thank you for the prompt response.

    Any updates?

    Plugin Contributor Zahin Azmayeen

    (@permafrost06)

    Hi @on4bam, we’re testing a fix that we hope we can release very soon.

    Plugin Author Imtiaz Rayhan

    (@imtiazrayhan)

    Hi everyone,

    The security issue was fixed in the update.

    Kind regards.

    Thread Starter nickmerk

    (@nickmerk)

    Thanks for the update!

  • The topic ‘Security issue’ is closed to new replies.