Security issues <3.4.2 in Pro – do they exist in Lite?

  • Resolved caordawebsol

    (@caordawebsol)


    2 years, 6 months ago

    Our client is using the Lite version of the plugin but iThemes has alerted us to issues in the plugin prior to v3.4.2:

    wpDataTables < 3.4.1 – Unauthenticated SQL Injection
    wpDataTables < 3.4.2 – Improper Access Control leading to Table Permission Takeover
    wpDataTables < 3.4.2 – Improper Access Control leading to Table Data Deletion
    wpDataTables < 3.4.2 – Blind SQL Injection via start Parameter
    wpDataTables < 3.4.2 – Blind SQL Injection via length Parameter

    Can you pls confirm that these issues do not exist in the current Lite version?

    Many thanks

Viewing 1 replies (of 1 total)
  • Plugin Author wpDataTables

    (@wpdatatables)

    Hello, caordawebsol
    The vulnerability was found in the full version of wpDataTables v3.4.1, so all premium versions before that can be affected.

    Lite version does not have these functionalities (such as SQL based tables),
    so Lite version was never affected.
    Those reports are not related to the Lite version, but they can be reported in the lite version because the resources where this information about themes or plugins vulnerabilities are stored are generated by the theme or the plugin slug. Those slugs are the same in both lite and the full version, and because of that, you get those notifications.

    The important thing is that there’s nothing to worry about. Newer versions of the wpDataTable premium don’t have these issues, ( the latest one is 4.5)

    and Lite versions never did.

    I hope this helps, do let us know if you need any further assistance.

Viewing 1 replies (of 1 total)
  • The topic ‘Security issues <3.4.2 in Pro – do they exist in Lite?’ is closed to new replies.

Tags