When is the best time to play slot machines online reddit.Enjoy Free 888+200 Daily Legal Bonus

Resolved m4declare1
(@m4declare1)

1 year, 3 months ago
- Plugin Name: Booster for WooCommerce
- Current Plugin Version: 7.0.0
- Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Booster for WooCommerce” until a patched version is available. Get more information.(opens in new tab)
- Repository URL:
- Vulnerability Information:?

Viewing 11 replies - 1 through 11 (of 11 total)

Phil McKerracher
(@phil-mckerracher)

1 year, 3 months ago

I’m guessing this vulnerability was reported by WordFence a month ago (because I’m seeing it on the free plan) and no action taken so far, so it’s not looking good.

Thread Starter m4declare1
(@m4declare1)

1 year, 3 months ago

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-jetpack/booster-for-woocommerce-700-missing-authorization-to-arbitrary-options-update

Choni
(@chonicodefish)

1 year, 3 months ago

Following!

Phil McKerracher
(@phil-mckerracher)

1 year, 3 months ago

Quite a few other vulnerabilities already reported (and fixed) https://patchstack.com/database/vulnerability/woocommerce-jetpack

Anonymous User 21060144
(@anonymized-21060144)

1 year, 3 months ago

How is it possible that the developer has not replied to this after days? that is really very bad. you rarely experience that with a security problem.

Phil McKerracher
(@phil-mckerracher)

1 year, 3 months ago

I’m guessing they don’t even monitor this forum, only support tickets from paying customers.

danielbmxd
(@danielbmxd)

1 year, 3 months ago

Hello, but the vulnerability requires the condition that a user with shop manager role exploits it.

Phil McKerracher
(@phil-mckerracher)

1 year, 3 months ago

Good point, WordFence is hyperventilating a bit when calling it a “critical” vulnerability (not for the first time). I’m still looking for replacements though, because even though the scope is limited the severity is potentially high.

Plugin Author ronyp
(@ronyp)

1 year, 3 months ago

Hello,

We have recently released a new version with a fix for the vulnerable to Broken Access Control.
Kindly please upgrade your plugin for the same.

Kind Regards,
RonyP

danielbmxd
(@danielbmxd)

1 year, 3 months ago

In a way, this vulnerability was somewhat serious, but not as much as the impact that Wordfence or iThemes have when disclosing it in that manner, considering that many times users do not read the entire article.

Plugin Author ronyp
(@ronyp)

1 year, 3 months ago

Hello,

First of all my sincere apologies for the security vulnerability. We have worked for almost a year to fix all possible security vulnerabilities.

@phil-mckerracher The security glitch was found on the 2nd version, released on the 26th of last month. The patchstack reported an issue on the 01st August and we have fixed it and released it within a week. Regarding the forum, we regularly check the threads and take action according to the weightage of the topic.

@danielbmxd Thank you for raising the point of reality. Thank you all guys again for your patience and support.

Kind Regards,
Rony P – Booster Support Team

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Booster has a security vulnerability’ is closed to new replies.