• Resolved chiimchiim

    (@chiimchiim)


    We have noticed that the plugin has a security vulnerability allowing unauthenticated visitors to download the entry data for submitted forms in the latest version, so we have to deactivate the plugin immediately. Could you please help fix this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Russ

    (@gfxdesigner)

    Until there is an official patch from the plugin developer, you could do the following:

    1. Edit /admin/class-advanced-cf7-db-admin.php
    2. Search for the following on Line 1405: function vsz_cf7_export_to_excel($fid, $ids_export){
    3. Add the following directly below it.
    // Check if the current user has the required capability
    if (!current_user_can('manage_options')) {
        return 'You do not have the permission to export the data';
    }

    Just subscribing to this thread.
    Thanks @gfxdesigner

    Plugin Author Vsourz Digital

    (@vsourz1td)

    Yes, we have resolved this issue. Kindly update the plugin.
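
A fuller form of the capability check from the workaround above, as an added example that is not part of the thread and not the plugin's own code. It assumes a hypothetical export action (`example_export_entries`), helper functions prefixed `example_`, and constructed sample rows. It pairs `current_user_can()` with a nonce and ends a refused request with HTTP 403 instead of returning a string.

```php
<?php
// Added example: every name prefixed example_ is hypothetical.

// admin-post.php dispatches admin_post_{action} only to logged-in users.
// No admin_post_nopriv_{action} handler is registered, so anonymous
// requests never reach the export code.
add_action('admin_post_example_export_entries', 'example_export_entries');

function example_export_entries() {
    // Authorisation: being logged in is not enough (subscribers are too).
    if (!current_user_can('manage_options')) {
        wp_die(esc_html('You do not have permission to export the data.'),
               '', array('response' => 403));
    }
    // CSRF: the link must carry a nonce minted for this action.
    // check_admin_referer() dies by itself when the nonce is missing or bad.
    check_admin_referer('example_export_entries');

    // Input validation: the form id must be a positive integer.
    $form_id = isset($_GET['fid']) ? absint(wp_unslash($_GET['fid'])) : 0;
    if ($form_id === 0) {
        wp_die(esc_html('Missing form id.'), '', array('response' => 400));
    }

    nocache_headers(); // submitted entries must not be cached by proxies
    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="entries-' . $form_id . '.csv"');
    $out = fopen('php://output', 'w');
    foreach (example_get_entries($form_id) as $row) {
        fputcsv($out, $row, ',', '"', '\\');
    }
    fclose($out);
    exit;
}

// Stand-in for the real database query; the rows are constructed sample data.
function example_get_entries($form_id) {
    return array(array('name', 'email'), array('Alice', 'alice@example.com'));
}

// Builds the export link shown in the admin screen, nonce included.
function example_export_url($form_id) {
    $url = admin_url('admin-post.php?action=example_export_entries&fid=' . absint($form_id));
    return wp_nonce_url($url, 'example_export_entries');
}
```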
