Security risk warnings from WPEngine

  • rushwp

    (@rushwp)


    5 months ago

    Dear Plugin Support Team,

    I hope this message finds you well. I am writing to urgently bring to your attention several critical security vulnerabilities identified in version 2.6.7 of the WordPress Custom Field Suite plugin. These vulnerabilities have been flagged by our hosting provider, WPEngine:

    1. Security risk: SQL Injection (sqli)
      • Severity: High
      • Description: Unauthenticated visitors can inject SQL statements, potentially gaining control of the site.
    2. Security risk: Remote Code Execution (rce)
      • Severity: High
      • Description: Attackers could modify site configuration, potentially adding backdoors.
    3. Security risk: Cross-Site Scripting (xss)
      • Severity: Medium
      • Description: Allows attackers to execute code in visitors’ browsers, leading to information theft or site configuration modification.

    Thank you for your prompt attention to this matter. I look forward to your response.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.