• Resolved tareqanwer

    (@tareqanwer)


    Hey,

    I see you guys recently patched a security vulnerability. Can you guys share some info about this security fix, as I am using UpdraftPlus on multiple sites? Plus, I installed it on another site yesterday and connected with Google Drive using version 1.16.65.

    Even though I updated to the latest version, how to be sure that I am not already affected by this issue?

    Please share as many details as you can. Getting quite worried here.

    Thanks in advance

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor bcrodua

    (@bcrodua)

    Hi,

    You can find the information on our changelog page here – https://updraftplus.com/changelog/

    Thanks,
    Bryle

    Thread Starter tareqanwer

    (@tareqanwer)

    Hey,

    Thanks for the reply. I already looked in the changelog.

    I just want to be sure that my sites aren’t affected by the issue. So, I just want to know: if my sites are affected by it, then what issues/signs can I see on the sites?

    I just want to know this much.

    Thanks

    Plugin Author David Anderson / Team Updraft

    (@davidanderson)

    Hi,

    What is it in particular you want to know? The changelog gives a full description of the type of defect, and its potential impact: “Fix a non-persistent XSS error allowing an attacker to once run JavaScript in your web browser if you clicked on a link crafted personally for your site whilst logged into it.” (And it states it is fixed in 1.16.66).

    > “how to be sure that I am not already affected by this issue?”

    The issue is non-persistent, i.e. it is not something that remains on a site. If you Google “non-persistent XSS” you can learn about what such issues are.

    To carry out a general scan of your site and its security status, you can use tools such as those provided by Sucuri or Wordfence or their competitors.

    David

    Thread Starter tareqanwer

    (@tareqanwer)

    Thanks for the reply.

    Yesterday, Wordfence sent me a message about this security issue. I also had an unauthorized registration of an admin account. Can you please let me know if this can be related to the security vulnerability?

    Solved, was not related. It was a vulnerability in PublishPress Capabilities.

  • The topic ‘Need info – security fix update’ is closed to new replies.