Another security risk picked up on 6.9.0

This was resolved in 6.9.0, the Sensitive Data Exposure via Log File along with the issue from December:

https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/issues/916

?

Excellent news. I have sent in a report to patchstack about their current entry about this WordPress Easy Forms for Mailchimp plugin <= 6.9.0 – Sensitive Data Exposure via Log File vulnerability – Patchstack to get the status updated to reflect the fix.

Had queried this status of this security issue for 6.9.0 and have just got the following back after a review by PatchStack:

“We still don’t see that the log filename has been secured by adding a sufficient length of random string as the prefix or suffix on version 6.9.0. Additionally, we also recommend to apply .htaccess rule to prevent direct access.”

Can you possibly look into this again please.

I posted the issue on their Github and quoted what Patchstack said from what you posted.

@andrewlmacaulay