Vulnerabilities found in the module

I’m patching this, but rest assured there’s nothing to worry about. The “vulnerability” allows a user with the subscriber role to dismiss the “Conditional Fields for Contact Form 7 requires you to install Contact Form 7” notice. The fact that this is even considered a security problem is ridiculous in my opinion, but I’ll fix it because otherwise the plugin will keep popping up in these security reports.

patched in version 2.4.1

Hello Jules ??

I’ve updated to 2.4.1, but this is still reported: https://patchstack.com/database/vulnerability/cf7-conditional-fields/wordpress-conditional-fields-for-contact-form-7-plugin-2-4-broken-access-control-vulnerability

Kind regards,

Cedric

Hi Jules, I can confirm I’m getting the same as @cedriccharles. It’s currently till reporting as vulnerable <=2.4.1 on patchstack and my security plugin (Solid WP) is flagging it as not fixed.

Is a further fix required to resolve the issue?

Many thanks.

No everything is fine. See https://www.ads-software.com/support/topic/vulnerability-issue-on-2-4-1/#post-17216076 (message still needs to be approved by moderator)