Advanced Form Integration Vulnerability – Please advise

  • Resolved WeDev.Africa

    (@mad2kx)


    1 year, 7 months ago

    Good day,

    our WordPress Monitoring system flagged the following for your plugin. Could you please advise? We are using latest version 1.69.3

    Category:PLUGIN

    Versions-Affected:< 6.2

    Type:Cross Site Scripting

    Severity:HIGH

    Fixed-in:6.2

    Description:Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 6.2.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Nasir Ahmed

    (@nasirahmed)

    Hello,

    There was a vulnerability discovered in the Freemius library and it was fixed at the beginning of July, 2023. The last line of your message also says that. Currently there is no existing vulnerability we are aware of.

    Thread Starter WeDev.Africa

    (@mad2kx)

    Hi there,

    so why do I keep getting this message then?

    Plugin Author Nasir Ahmed

    (@nasirahmed)

    Hello,

    The vulnerability issue was fixed and updated on July 05 with AFI version 1.69.1. That’s a Patchstack report and you can see the fixation history here: https://patchstack.com/database/vulnerability/advanced-form-integration.

    I can’t answer why you are still getting the message with an updated AFI version. Better check with your monitoring system support.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Advanced Form Integration Vulnerability – Please advise’ is closed to new replies.