Ultimate Striker slot demo.Enjoy Free 888+200 Daily Legal Bonus

Resolved bindevid
(@bindevid)

1 year, 5 months ago

Will you be issuing an update? WordPress Post View Count plugin <= 1.8.2 – Cross Site Request Forgery (CSRF) vulnerability Rio Darmawan discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Post View Count Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

Viewing 13 replies - 1 through 13 (of 13 total)

Plugin Author Dipak Parmar
(@dipakparmar443)

1 year, 5 months ago

Hello @bindevid ,

Issue is fixed. Please update the latest version? And let me know.

Thanks!!!
Thread Starter bindevid
(@bindevid)

1 year, 4 months ago
Updated and still reported as vulnerable. Even worse, as it has been updated from Low to Medium severity. See here: https://patchstack.com/database/vulnerability/wp-simple-post-view/wordpress-post-view-count-plugin-1-8-2-cross-site-request-forgery-csrf-vulnerability?_a_id=431
- This reply was modified 1 year, 4 months ago by bindevid.
Thread Starter bindevid
(@bindevid)

1 year, 4 months ago

And here: https://wpscan.com/vulnerability/71802be9-aa4e-43f0-86d7-2f4378ee096b/

“The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks”

Ma?l
(@maelimhof)

1 year, 4 months ago

I also still get the medium security warning, are the online databases out of date on this one?

Thread Starter bindevid
(@bindevid)

1 year, 4 months ago

No the databases are correct they just have not fixed the vulnerability even though they marked this thread as “Resolved.”

Ma?l
(@maelimhof)

1 year, 4 months ago

I’d gladly see what I can do, but I don’t think the plugin is open-source is it? The repository I found is from 3 years ago.

Plugin Author Dipak Parmar
(@dipakparmar443)

1 year, 1 month ago

Hello,

Issue is fixed. Please update the latest version? And let me know.

Thanks!!!

Ma?l
(@maelimhof)

1 year, 1 month ago

Hello,

Maybe you should contact Patchstack. I’m sure the issue is fixed if you say so, but they might not be aware of it.

I use SolidSecurity as a plugin, and they detect vulnerabilities using Patchstack, so if the vulnerability is not marked as fixed on Patchstack, security plugins might continue to warn the admins about it.

Hope it helps, have a nice one !

Plugin Author Dipak Parmar
(@dipakparmar443)

1 year, 1 month ago

Hello (@maelimhof),

I’ll check Solid security plugin and get back to you soon.

Thanks !!!

Plugin Author Dipak Parmar
(@dipakparmar443)

1 year, 1 month ago

Hello @maelimhof,

I have checked Solid security plugin?has no vulnerability found please check my screenshot Screenshot Link

Thanks !!!

Ma?l
(@maelimhof)

1 year, 1 month ago

Hello @dipakparmar443,

My bad, the plugin does not show any warning indeed. However, the vulnerability on Patchstack does not appear as having a patch. Maybe they just did not catch up to the current plugin version, but in the long term it might be a good idea to tell them it is fixed.

I don’t know how those things work though…

Thank you for your time and efforts, very appreciated !

Ma?l
(@maelimhof)

1 year, 1 month ago

I just saw your last answers on the other posts about this issue, I’ll ignore Patchstack for the moment then.

Plugin Author Dipak Parmar
(@dipakparmar443)

1 year, 1 month ago

Hello @maelimhof

Thank You !!!

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘Cross Site Request Forgery (CSRF) vulnerability’ is closed to new replies.