Cross Site Request Forgery (CSRF)

Can someone please advise if this is being looked at or if we need to uninstall this plugin and look for an alternative.

Thanks

Hello @aaronbennett2097,

We are sorry for not replying more promptly.

And yes, our engineers are aware of it. We will make sure to update the forum once we have an update on the state of this.

– The ShareThis Support team.

Hello again,

Although we don’t have a specific ETA, we will be rolling out an update to fix this soon.

Thank you for your understanding,

– The ShareThis Support team.

Thanks for the speedy fix, will update now.

Hi @aaronbennett2097,

No problem! Thanks for sharing the report with us.

Hey @artprojectgroup, as stated above, we have released an update to fix this, please update the plugin to version 8.4.7.

Thank you!

Hi,
iThemes is still reporting this as no fix available. They get their data from Patchstack which says no reply from vendor: https://patchstack.com/database/vulnerability/simple-share-buttons-adder/wordpress-simple-share-buttons-adder-plugin-8-4-6-cross-site-request-forgery-csrf?_a_id=431

Are you able to resolve this with Patchstack/iThemes so it no longer flags as being vulnerable?

Yeah same, I’m getting notifications still, but am a little relieved I know it’s a false negative and the issue is fixed.

@aaronbennett2097 Manually adjust by ftp the version number in the plugin to 8.4.7.1 and The Ithemes plugin stops warning you. ??

https://share.getcloudapp.com/o0uYWdEW