• Resolved c4concepts

    (@c4concepts)


    Hi,
    This plugin is being flagged by Wordfence Security as having a security vulnerability.

    Are you aware and is there an update coming soon to resolve this issue?

    Many thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Also, in Jetpack Protect:

    The Quantity Plus Minus Button for WooCommerce by CodeAstrology plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the wqpmb_form_submit function. This makes it possible for unauthenticated attackers to update the plugin’s options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

    Any clue?

    Plugin Author Saiful Islam

    (@codersaiful)

    Thanks for informing us. We will check and fix it in the next update.
    Thanks

    Thread Starter c4concepts

    (@c4concepts)

    Is the next update planned urgently? I’m considering my options to remove and replace the plugin in several sites as I can’t have them running with known vulnerabilities, but that is a time-consuming process, so I’m hoping the ‘Update Available’ notice appears in my sites’ admin very soon?
    Cheers

    Plugin Author Saiful Islam

    (@codersaiful)

    Today I will check it out.

    Plugin Author Saiful Islam

    (@codersaiful)

    Hello @cesarmarti and @c4concepts
    I have added nonce verification for the form.
    Please update your plugin.
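
Added example, not part of the thread and not the plugin's own code: a WordPress settings handler without nonce validation (the class of flaw the Jetpack Protect advisory describes) beside a hardened version that checks capability and nonce before saving. All `example_qty_*` names, the option key and the form field are hypothetical.

```php
<?php
// Added illustration; every example_qty_* name is hypothetical.

// BEFORE: saves options on any POST that arrives with an admin's cookies.
// Nothing ties the request to a form the site itself rendered, so a forged
// cross-site submission is accepted. Shown for comparison; not hooked.
function example_qty_form_submit_unsafe() {
    if ( isset( $_POST['example_qty_options'] ) && is_array( $_POST['example_qty_options'] ) ) {
        update_option( 'example_qty_options', wp_unslash( $_POST['example_qty_options'] ) );
    }
}

// AFTER: capability check and nonce check before any state change.
function example_qty_form_submit() {
    if ( ! isset( $_POST['example_qty_options'] ) || ! is_array( $_POST['example_qty_options'] ) ) {
        return; // Not our form submission.
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.', '', array( 'response' => 403 ) );
    }
    // Stops the request with a 403 unless $_POST['example_qty_nonce'] is a
    // valid, unexpired nonce for this action and the current user.
    check_admin_referer( 'example_qty_save', 'example_qty_nonce' );

    $clean = array_map( 'sanitize_text_field', wp_unslash( $_POST['example_qty_options'] ) );
    update_option( 'example_qty_options', $clean );
}
add_action( 'admin_init', 'example_qty_form_submit' );

// The settings form must emit the matching hidden nonce field.
function example_qty_render_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_qty_save', 'example_qty_nonce' ); ?>
        <input type="text" name="example_qty_options[button_text]" value="" />
        <?php submit_button(); ?>
    </form>
    <?php
}
```

To confirm a fix of this kind on a test site, submit the settings form with the nonce field removed or altered and check that the option value in the database is unchanged.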

  • The topic ‘security vulnerability’ is closed to new replies.