Vulnerability detected. Please fix ASAP

  • Resolved Gal Baras

    (@galbaras)


    6 months, 1 week ago

    Please see the linked page for details on the vulnerability and release and update to fix it as soon as possible.

    Thank you!

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)

  • I do not understand what to do.
    And is it indeed necessary? Or is waiting for an update from the developper a better idea?

    Thread Starter Gal Baras

    (@galbaras)

    The severity of this issue depends on your site. I see now that this plugin is temporarily blocked for download, after not being updated for 2 years and for having a security issue. Maybe it’s time to look for an alternative ??

    Thank you, Gal.

    I am happy to look for an alternative and I am happy to pay for it as well.
    What holds me back is that this Lucky TOC is deeply embedded in my website. Meaning I also have created many internal crosslinks with it. Which I think are also indexed within search engines.

    Do you know about a plugin who can not just replace the Lucky TOC plugin, but all it’s existing TOC’s and all the internal crosslinks with it? Otherwise I fear loads, loads of work.

    By the way: What do you mean with “The severity of this issue depends on your site.”?
    And: I can show you my URL here. Or could this be potentially harmful to do so?

    Willing and ready to help you with some kind of help in return. (I know about SEO.)

    Lex, local tour guide from Amsterdam

    Thread Starter Gal Baras

    (@galbaras)

    I’ve decided to go with Easy Table of Contents, which is free and has 500,000 active installations. I’ve had to adjust some styling via its configuration and CSS, and since it has an import/export function, those are both easy to copy from site to site.

    The challenge might be if you’ve used specific shortcodes, but if you’ve only used the simply one, you can either do a global replace in the database or use code that maps [lwptoc] to the function that runs [ez-toc]. I’m going to do the global replace, because it’s more efficient. If you’re not confident doing it yourself, you can use the plugin method (and make sure you have a good backup beforehand).

    Good luck!

    Lex van Buuren

    (@lexperiences)

    Hi Gal,

    Thank you very much for writing this.

    I am trying to understand what you have written. This is not easy for me. I will re-read it again later in the day.

    Plugin Author LuckyWP

    (@theluckywp)

    Vulnerability?is fixed.

    Thread Starter Gal Baras

    (@galbaras)

    That’s great, but too late for me ??

    You might want to inform Patchstack, because the report page still says there’s no fix.

    Plugin Author LuckyWP

    (@theluckywp)

    Ok, thank you for info.

    That is so great! Thank you for fixing. ??

    Lex van Buuren

    (@lexperiences)

    Message for @theluckywp : as from yesterday Wordfence re-announces problems with your plugin. It now talks about a security leak. Could you get back to me and us about this?

    Thread Starter Gal Baras

    (@galbaras)

    @lexperiences This thread is resolved. You need to start a new one.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Vulnerability detected. Please fix ASAP’ is closed to new replies.