New Vulnerability Detected

  • Resolved kingslayer21

    (@kingslayer21)


    6 years, 11 months ago

    Hi Guys!

    I’ve just seen this

    “A new vulnerability has been added to our database
    Caldera Forms <= 1.5.9.1 – Multiple Cross-Site Scripting (XSS)

    To help support WPScan and WPVULNDB please consider visiting our sponsors, Sucuri.

    To update your email preferences or unsubscribe click here.”

    Can you please let me know what’s happening?

Viewing 1 replies (of 1 total)
  • Plugin Author Josh Pollock

    (@shelob9)

    Hi, thanks for using Caldera Forms.

    Yes, there are security fixes in 1.6.0. I worked with the developer who found and responsibilities disclosed the issues. A part of that process is registering it with the database. That documents the issue.

    More importantly, it triggers alerts that plugins need to be updated on good hosts. I got a notice from WPEngine about my own site. That’s the best system available to us for getting the word out about vuldrabilites that are not severe.

    We also mentioned the disclosure in the changelog and in our release blog post: https://calderaforms.com/2018/03/caldera-forms-1-6-is-here/

Viewing 1 replies (of 1 total)
  • The topic ‘New Vulnerability Detected’ is closed to new replies.