Plugin Security Vulnerability Issue – WPEngine

  • Resolved tison_

    (@tison_)


    1 year, 8 months ago

    This message below was sent to us by wpengine. Is there a patch / fix / upgrade we should do? Thank you for the amazing plugin btw

    Hello,

    At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), is (are) utilizing a vulnerable version of the User Menus – Nav Menu Visibility plugin.

    At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability.

    WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.

    Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999
    https://wpscan.com/vulnerability/39d1f22f-ea34-4d94-9dc2-12661cf69d36

    We encourage you to assess the risk of continuing to use this plugin until a patch is released.

    Please make sure to run a backup of your database before making any changes. You can learn how to do this in this article: https://wpengine.com/support/restore/ .

Viewing 1 replies (of 1 total)
  • Thread Starter tison_

    (@tison_)

    Correction – wpengine just posted that their alert was an error in the scanner they use, so please remove / close this ticket

Viewing 1 replies (of 1 total)
  • The topic ‘Plugin Security Vulnerability Issue – WPEngine’ is closed to new replies.