Security Vulnerability

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Mike Walsh

    (@mpwalsh8)

    You must not have looked very hard for my email address since it appears in the header of every file in the plugin.

    I will take a look at this over he weekend.

    Thread Starter ethicalhack3r

    (@ethicalhack3r)

    I did not download the plugin. I checked your WordPress profile and your website.

    You’re welcome by the way. >_>

    Plugin Author Mike Walsh

    (@mpwalsh8)

    Don’t get me wrong, I appreciate the heads up and I will fix it. What I took issue with is the lack of attempt to contact me. I am pretty easy to find.

    What is your affiliation with Vapid Labs?

    I have attempted to replicate the vulnerability on my own site and I cannot as I don’t know the value to use for the ABSPATH argument. Without this value, the PHP simply fails. I suspose on some sites the value could be guessed but on many it won’t be easy to do so.

    Plugin Author Mike Walsh

    (@mpwalsh8)

    Fixed in v1.45-beta-3 which will be released to production fairly soon.

    My sincere apologies Mike, the mail I attempted to send you was stuck on my mail relay do to a hardware failure. I’ve been conditioned to expect that most developers ignore or don’t respond to my emails.

    Plugin Author Mike Walsh

    (@mpwalsh8)

    I have released v1.45 which addresses this security problem.

    Thanks Mike!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Security Vulnerability’ is closed to new replies.