ManageWP mark WPCerber as a Vulnerability Plugin
-
1 vulnerability found.
WP Cerber Security, Anti-spam & Malware Scan v9.0 Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin.
-
Luckily we only run this on 2 sites we manage, I will just remove.
I am a loyal customer, treat me with due respect.
No, you are not.
If I have reported this issue to you, it is my kindness, to which you are replying with arrogance, which is not good for the image of your company.
I’m sorry, I do not need your anonymous “kindness” in this respect. My replies have nothing to do with arrogance and it’s obvious for anyone. Please, be so kind as to stop worrying about the image of my company.
Be a little more detailed in your skimpy responses; at this moment they seem like those of an offended child who replies by attacking instead of explaining and reassuring, which is how you should deal with customers.
Listen, I’m not the person you can manipulate or attack with ease. You get the software for free, you get support for free and now you’re trying to manipulate people. It doesn’t work with WP Cerber and me. If you do not like how it goes, remove the plugin. If you get some information from other vendors, ask them to provide you with details.
The only trustworthy source of WP Cerber’s news is here: https://wpcerber.com/main/
I re-ran the Wordfence scan, but it’s still showing as a security vulnerability. Is this SOLELY because the plugin was removed from the WP Repo? If so, when will it be re-added so we can stop getting these false flags?
Probably it’s just a Wordfence bug. I’ll ask them.
I’m in shock that a security plugin author’s first reaction to a reply is “bring me proof”. I understood he was referring to managewp but what the heck?
The CORRECT line of action would be to say we are not aware, we are going to look into it if there’s anything. And after all there was.
The plugin is removed from WP repo, no word on that.
This has nothing to do with free support, free plugin and whatever is considered free. Someone brought an issue, that’s it. What I’m sure pulled us back in our chairs was the attitude.
And yes, I’m removing the plugin from all of 200+ sites I manage, you don’t have to state again “free yada yada”. I just went out of my way to comment here because it has been a long time since the plugin got removed and I was curious to see if there were any actions.
Thanks! Do you know if or when it will be re-added to the WP Repo?
No exact date so far, it has yet to be determined. Please stay tuned.
It seems evident that I am not the only one concerned about the vulnerability flag I simply have reported… and about your attitude too; several other commentators here seem to agree with me. Why should I manipulate you or other people? LOL this is sci-fi…
And yes, I’m a loyal customer… it doesn’t matter if your product is free. I have been using it for years, with satisfaction, on various sites that I manage and I simply took the liberty of pointing out to you a glaring problem that you deny and even seem to hold me responsible for it in some incredible way. And even if I were not a loyal customer you should treat me with the respect due to anyone. I suppose you consider me a troll paid by the competition to spite you and instead I am not.
You’re also angry with anonymity, as if it were a fault to have to choose a username for this support forum, but I’m perfectly willing to tell you my first and last name if this can be of help in any way. The fact is that the problem is not my anonymity but your plugin has been flagged as a vulnerability by other tools that webmasters use on a daily basis. Only this, yet it seems so obvious and easy to understand.
If your goal is to lose customers and make many uninstall your product you are certainly on the right track… you should have reassured us and explained; instead you denied the evidence and treated us very badly…
To update previous statements:
WP-Cerber *did* automatically update to 9.3.3. So, that appears to now be working.
Thanks for the hard work Gregory. There are lots of people who really appreciate what you do. I think WPCerber is amazing and have no doubt these issues will soon be resolved one way or another. Wishing you all the best!
Doesn’t the link say that the vulnerability is fixed and was never exploited?
I think it just takes some time until WP Cerber gets back on the WP Repo.
Guys, user enumeration is possible without Cerber installed.
User enumeration is allowed in WordPress. It is not a security vulnerability. If it were, WordPress should not ever be used because it is an insecure product. Think about it.
Wow, just came across this thread while googling for something completely different: “patchstack vs managewp”.
I have come across many discussions now where the developer is just being rude and aggressive to users.
I also posted a question about wpcerber being removed from www.remarpro.com and have got a load of abuse for it as well. NB: Just to avoid the usual ridiculous “you’re lying” or “you work for wordfence” accusations that seem to occur on here, here is a screenshot as proof that I really was searching for something else.
- This reply was modified 1 year, 7 months ago by lordsnake. Reason: added screenshot
Any proof? Show us any proof.
Any proof?
- The topic ‘ManageWP mark WPCerber as a Vulnerability Plugin’ is closed to new replies.