Security Risk

  • Resolved jpanders

    (@jpanders)


    1 month, 4 weeks ago

    When looking at installed plugins via our WP Engine dashboard, Hustle is identified as a Security Risk, with the below details. Please provide an update when this vulnerability will be patched, or whether this issue will persist.

    Security risk:?xss.?Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.
    Severity:?low
    Fixed in:?no fix yet

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @jpanders

    I hope you’re well today and thank you for reporting it.

    I’ve already asked our QA team and developers to look into it but I’d also like to ask you additionally:

    1. just to confirm, you installed the current/newest version of Hustle (7.8.5) on site, right? Or is it some other version (if so, please update it and check again)?

    2. what PHP version is your site powered with?

    3. the report that you got from WP Engine – is there any reference to any external source/vulnerability DB or report (such as e.g. Patchstack, Wordfence or similar) or is it only what you shared?

    Please let us know as it’s important.

    Kind regards,
    Adam

    Plugin Support Dmytro – WPMU DEV Support

    (@wpmudevsupport16)

    Hello @jpanders,

    I hope you’re doing great today!

    We haven’t heard back from you for some time, so I’ll be marking this topic as resolved for now. Please feel free to re-open it, and let us know if you need any further assistance.

    Best Regards,
    Dmytro

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.