M Woldt
Forum Replies Created
WordFence is reporting a critical security vulnerability with the latest version of BigCommerce for WordPress (all versions up to and including 5.0.7). Here is the text from the vulnerability:
Description
The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.7. This makes it possible for unauthenticated attackers to extract sensitive data.
This is the link: BigCommerce <= 5.0.7 – Unauthenticated Sensitive Information Exposure
Do you have an estimated time frame for when this will be addressed? Thanks in advance.
Forum: Plugins
In reply to: [Zero Spam for WordPress] Vulnerability Discovered
Here’s the Patchstack report on the vulnerability:
This plugin is still coming up in WordFence with a critical security vulnerability (for version 5.0.7 and before). Here is the WordFence link: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bigcommerce/bigcommerce-506-unauthenticated-sensitive-information-exposure
Forum: Plugins
In reply to: [WP responsive FAQ with category plugin] Security Vunerability (v 3.8)
According to WordFence:
Multiple WPOnlineSupport plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the wpos_anylc_admin_init_process() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to dismiss a license notice.
You can check out the link I originally posted to see more details.
Thanks