Authenticated (Admin+) Double Extension Arbitrary File Upload

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Arnan de Gans

    (@adegans)

    The issue, which wasn’t nearly as severe as they make it out, has been fixed years ago.

    https://ajdg.solutions/blog/bogus-security-issue-from-wordfence-for-adrotate-banner-manager/

    Thread Starter thomazcia

    (@thomazcia)

    Arnan, thanks for the reply and update. The case goes back years, as you mentioned, and this stance by Wordfence is strange. There are countless cases where, before making it public, they contact the author for resolution and, a few days after the update, they reveal the vulnerability.

    Anyway, thanks for the update.

    Hugs from Brazil

    Plugin Author Arnan de Gans

    (@adegans)

    Yea normal procedure is that there is a 2-3, or even 6, month grace period.
    As I wrote, there has been some contact but I don’t remember anything from it… So I have to take their word for whatever happened.

    The real problem is their lack of a followup though, allowing this to happen.

    Luckily they responded quickly this morning and closed the report.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Authenticated (Admin+) Double Extension Arbitrary File Upload’ is closed to new replies.