• Mike

    (@thewordpressdude)


    Hello Hal,

    Today, I received the following from WordFence:
    Critical Problems:

    * The Plugin “Testimonial Rotator” has been removed from www.ads-software.com.

    Plugin contains an unpatched security vulnerability. Vulnerability Information

    Update includes security-related fixes. Vulnerability Information

    My question is, will this be corrected soon, or should I uninstall it?

    Thanks,
    Mike

Viewing 8 replies - 1 through 8 (of 8 total)
  • I have had the same email, have deactivated for now and will wait to see if this is resolved.

    It appears that the developer hasn’t responded in the forum for quite some time, so I would assume this project was abandoned. I am deactivating and moving on.

    BIrdie

    (@goldendust20)

    @ozzdogg — Any idea what you’re moving on with? I have about 10 client websites using this plugin, looking for a similar alternative.

    Hi

    I have tested a few alternative testimonial plugins

    The best I could find is Easy Testimonials

    This plugin uses the data from Testimonial Rotator

    So you actually have all testimonial entries, ready for use in Easy Testimonials

    Hope that helps?

    Snapper

    • This reply was modified 3 years, 8 months ago by Snapper65.

    This exploit is not possible by anonymous visitors and requires another plugin to also be installed, this is important to understand:

    Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor, Author, Editor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation. The https://www.ads-software.com/plugins/themify-portfolio-post/ plugin also needs to be installed for the issue to be exploited.

    So while a good thing to fix, unless you have the themify-portfolio-post plugin installed and other users with Contributor access or higher that you do not trust, your site is probably still pretty safe.

    I’m leaving this note because one of my other sites flagged it as well, and I wanted to understand how severe the issue was.

    ~ Rob
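
A triage check for the conditions described in the reply above, as an added example that is not part of the original thread: it reads the JSON printed by `wp plugin list --format=json` and `wp user list --fields=user_login,roles --format=json` and reports whether both plugins are active alongside Contributor, Author or Editor accounts. The slug `testimonial-rotator`, the choice to ignore deactivated plugins, and the sample data are assumptions.

```python
import json

# Roles named in the advisory text quoted in the reply above.
LOW_PRIV_ROLES = {"contributor", "author", "editor"}
ROTATOR = "testimonial-rotator"        # assumed slug for Testimonial Rotator
COMPANION = "themify-portfolio-post"   # slug taken from the URL in the reply

def active_plugins(plugin_json):
    """Map slug -> version for plugins WP-CLI reports as active."""
    return {p["name"]: p["version"] for p in json.loads(plugin_json)
            if p["status"] in ("active", "active-network")}

def low_priv_users(user_json):
    """Logins holding any of the roles the advisory names."""
    logins = []
    for user in json.loads(user_json):
        roles = {r.strip() for r in user["roles"].split(",")}
        if roles & LOW_PRIV_ROLES:
            logins.append(user["user_login"])
    return sorted(logins)

def triage(plugin_json, user_json):
    """Return (verdict, accounts_to_review) for one site."""
    plugins = active_plugins(plugin_json)
    users = low_priv_users(user_json)
    if ROTATOR not in plugins:
        return "not-affected", users
    if COMPANION in plugins and users:
        return "exposed", users
    return "preconditions-missing", users

# Constructed sample output, not taken from any real site.
SAMPLE_PLUGINS = json.dumps([
    {"name": "testimonial-rotator", "status": "active", "version": "3.0.3"},
    {"name": "themify-portfolio-post", "status": "active", "version": "0.0.0-sample"},
    {"name": "akismet", "status": "inactive", "version": "0.0.0-sample"},
])
SAMPLE_USERS = json.dumps([
    {"user_login": "siteadmin", "roles": "administrator"},
    {"user_login": "guest_writer", "roles": "contributor"},
    {"user_login": "editor1", "roles": "editor"},
])

if __name__ == "__main__":
    verdict, accounts = triage(SAMPLE_PLUGINS, SAMPLE_USERS)
    print(verdict, accounts)
```

Running it per site gives a quick list of which installs meet every precondition and which accounts to review before deciding whether to deactivate or replace the plugin.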

    Thanks Rob, that is great information as this plugin is invaluable and I really can’t find a comparable substitute.

    Hello @halgatewood – are there any updates to this or alternate plugin suggestions with the same functionality?

    This plugin was flagged by my Wordfence install too. I assume it is safe to leave in place so long as our site does not have any user accounts with lesser permissions than Administrator? Any plans to update this plugin @halgatewood ?

  • The topic ‘* The Plugin “Testimonial Rotator” has been removed from www.ads-software.com.’ is closed to new replies.