Vulnerability in latest update 1.23.3

Hi,

Thanks for the report.

A member of the team are reaching out to ManageWP to fix that, as it’s wrongly reporting that version 1.23.3 has the issue but thats the version that contains the fixes.

Best Wishes,

Ashley

I wonder if the issue is because ManageWP uses PatchStack, who is reporting “WordPress UpdraftPlus Plugin 2.22.14-2.23.2?is vulnerable to Broken Access Control.” I’m guessing a typo on their part that in turn creates an error report?

I reached out to ManageWP and here is what they said:-

“

Since your plugin is updated to the latest version, this is indeed a false positive. I can confirm it’s safe to ignore.

I do think that since the update just came out yesterday, Patchstack didn’t reflect that information just in time.

We will keep an eye on it, but I do hope this will be resolved in a timely manner. Thank you for reporting it to us.

If there’s anything else I can assist you with, please let me know.”

It is appearing to be a Patchstack issue as a false positive or ManageWP linking to the wrong plugin.

Hi Rhys,

Thank you for sharing this information. I can confirm that the latest release did patch the vulnerability.

Thanks!

It’s just more frustrating right now that ManageWP are sending me and my client Security Vulnerabilities about it, I can see us becoming blind to it.

I totally get it’s not your fault though ??