• Resolved Anonymous User 18563845

    (@anonymized-18563845)


    Reported by iThemes Security (XSS) vulnerability

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor ospiotr

    (@ospiotr)

    Hello @mvsup

    Please update the plugin to the latest version. This issue has been fixed in version 3.2.9 of the plugin, which was released on 5th July (3 weeks ago), in a coordinated action with other plugin developers.

    If you are using the latest version (3.2.9), you are safe.

    This problem was related to a third-party library used by a plugin to handle licenses. The good news is that this library is shared across plugins installed in your WordPress, and the latest version is always used by the site.

    You can read more about it here:

    https://freemius.com/blog/freemius-wordpress-sdk-security-vulnerability/

    @mvsup

    Please acknowledge that reporting security vulnerabilities in public forums is not the best idea. I have noticed that you have posted the same thread in other plugins’ forums. And some of them do not have a patch released yet. This kind of issue should be reported privately. I will contact forum moderators and ask them to hide the information you disclosed.

    https://developer.www.ads-software.com/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/

    Thread Starter Anonymous User 18563845

    (@anonymized-18563845)

    Thanks for the solution and the links, this is valuable information.

    Thread Starter Anonymous User 18563845

    (@anonymized-18563845)

    Small addition. These vulnerabilities have been on the patch stack for some time. Otherwise, of course, I would never discuss vulnerabilities in a public forum. It has also been displayed by well-known scanners for some time. You are absolutely right about privately reporting vulnerabilities.

    Plugin Contributor ospiotr

    (@ospiotr)

    @mvsup

    Yes! You are right. I have consulted this case with forum moderators. They have told me that now, after 5 days since public disclosure, it is perfectly right to share these issues in public forums. Thank you for your proactive approach to this matter.

    Let’s just hope that these plugin developers will release a fix right away.

    Thread Starter Anonymous User 18563845

    (@anonymized-18563845)

    Thanks for your understanding! Let’s hope for quick fixes. Thanks again.

  • The topic ‘(XSS) vulnerability’ is closed to new replies.