Security Vulnerability

  • Resolved mbajadek

    (@mbajadek)


    2 years, 10 months ago

    Received this warning message regarding the plugin: Will you be releasing an update?

    At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), changealifedv, is (are) utilizing a vulnerable version of the Responsive Tabs plugin.

    At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability. WP Engine has attempted to reach out to the plugin author to request the timing of a patch. We will report back to you if/when we receive a timeframe for when the author expects to release one.

    WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36893
    https://wpscan.com/vulnerability/2429e4c2-ce77-4c72-8953-00fea8a28734

    We encourage you to assess the risk of continuing to use this plugin until a patch is released.`

Viewing 1 replies (of 1 total)
  • Plugin Author WP Darko

    (@spwebguy)

    Hi there!

    The Responsive Tabs plugin was patched and updated! We have gone over and updated other parts of the code too.

    Please update to 4.0.6 to get the latest security fixes.

    We take security very seriously and will be monitoring all of our plugins in the future.

Viewing 1 replies (of 1 total)
  • The topic ‘Security Vulnerability’ is closed to new replies.