BackWPup 3.0.12 Security Vulnerability Notification (XSS)

Viewing 6 replies - 1 through 6 (of 6 total)

  • Thank you for this notification…!
    I’m definitely subscribing to this thread.

    Hoping the developers will respond!

    Be nice to hear from one of the developers on this. At least a comment given the current surge in attacks on WP sites. Great plugin, but is it introducing a vulnerability?
    Thanks

    The details of this vulnerability will be made public August 7, 2013 so hackers everywhere can exploit it.

    The vendor was notified on June 19, 2013.

    Can we get an update from Daniel Huesken, Frank Bültge, Robert Windisch or Inpsyde GmbH ?

    Thread Starter htbridge

    (@htbridge)

    Please don’t worry, our main concern is end-users security and we are not going to disclose anything before a patch will be available.

    However it would be nice if the vendor could be more reactive =)

    We moved public disclosure to August 14, 2013

    The details have been released on August 21, 2013, see link in first posting.

    Vulnerable Versions: 3.0.12 and probably prior
    Tested Version: 3.0.12

    Seems to be fixed, changlog of 3.0.13:

    Fixed: Cross-site scripting issue. Thanks to High-Tech Bridge for helping us…

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘BackWPup 3.0.12 Security Vulnerability Notification (XSS)’ is closed to new replies.