Where has Insert Pages Plugin Gone

  • The “Insert Pages” plugin by Paul Ryan appears to have disappeared from the WordPress Plugin website, anyone know why?
    (Last version I believe was 3.2.3)

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • Yes, it is missing for me, as well.
    I like it a lot… Where did it go?

    Thread Starter Christopher Hilling

    (@chilling)

    The WordPress Plugns page Inset Pages has now reappeared on the www.ads-software.com site so this issue is now resolved.

    https://www.ads-software.com/plugins/insert-pages/

    Can we know the reason why was plugin removed from www.ads-software.com repo?

    Plugin Author Paul Ryan

    (@figureone)

    A vulnerability report was submitted. Basically, a nefarious Editor (or above) on your site could specify a custom template in the Insert Pages shortcode that was outside of the WordPress root (directory traversal attack). Combined with the ability to insert custom PHP code into the web server logs by specifying a fake User Agent string, the attacker could execute arbitrary code by pointing the custom template to the log file.

    The vulnerability is mitigated by the fact that the attacker would already need an account on your WordPress site with Editor privileges or higher.

    The vulnerability was fixed in 3.2.4, and I’ll be releasing another update soon because the fix was a bit too restrictive and messed with legitimate custom template uses (if the custom templates are in a child theme instead of the parent theme).

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Where has Insert Pages Plugin Gone’ is closed to new replies.