• virtualedgesolutions

    (@virtualedgesolutions)


    I received a notification today about a detected vulnerability in this plugin. For now, I’ve disabled the plugin. Please verify the validity of the vulnerability. Since I use this plugin for my own security, I’d like to re-enable it, if it is itself secure.

    Subject: Alert: Vulnerabilities detected on your application

    Email body:

    We are writing to inform you about a critical matter related to your website’s security. Our vulnerability detection system (powered by patchstack.com) has detected potential security vulnerabilities in your application that require immediate attention.

    We strongly recommend implementing the following steps immediately:

    Take a backup of your application.
    Update the identified core, theme, or plugin (listed below) to a newer version
    If an update is unavailable for a theme or plugin component, we recommend deleting it and replacing it with an alternative.

    Here are the detected vulnerabilities in your application:
    WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 – SQL Injection vulnerability

Viewing 8 replies - 1 through 8 (of 8 total)
  • Abd Hindi

    (@abdhindi97)

    Hi there,

    I will forward this notification to the development team for their review, and we will get back to you as soon as possible.

    Thanks for your time.

    Best regards,

    richsadams

    (@richsadams)

    I have received the same notification warning from WordFence for our site.

    Plugin Name: Email Verification for WooCommerce
    Current Plugin Version: 2.8.10
    Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Email Verification for WooCommerce” until a patched version is available.

    Thank you.

    Plugin Support Taha Amin

    (@tahaamin)

    Hello richsadams,

    We apologize for the inconvenience you’re experiencing with the same issue. Our team is still working on it, and we will keep you updated as soon as possible.

    Best regards,

    fimo66

    (@fimo66)

    Hi,

    I got the same info today: “… The Email Verification for WooCommerce plugin for WordPress has a security issue that allows attackers to access sensitive information in versions up to 2.8.10. This is because the plugin does not properly handle user input and existing database queries, making it possible for attackers to add their own queries and extract information.”

    My version is 2.8.10, so is there any update on a fix for this urgent matter?

    Plugin Author WPFactory

    (@wpcodefactory)

    Hi everyone,

    We apologize for the issue here. We’re currently working on it, and a new update will be released very soon.

    Thank you,

    WPFactory

    richsadams

    (@richsadams)

    Thank you!

    Plugin Contributor Pablo Pacheco

    (@karzin)

    Hi guys,

    The new version 2.9.0 I just released should fix the issue. Please update the plugin and let me know if you notice anything.

    richsadams

    (@richsadams)

    I’ve installed it on a staging site without encountering anything unusual. If everything continues normally, I’ll go ahead and install it on a live site overnight.

    Thank you!
