• Resolved Nazar Tikhoniuk

    (@nazartikhonyuk)


    Hello!

    We have several security vulnerabilities raised against the WP Crontrol plugin (version 1.17.0):

    • Info: check_admin_referer should be performed with current_user_can() or similar to verify the user's capabilities.
      File: wp-content/plugins/wp-crontrol/src/bootstrap.php:719
    • Info: Change this code to not perform redirects based on user-controlled data.
      File: wp-content/plugins/wp-crontrol/src/bootstrap.php:745

    Please could you tell me whether these are genuine vulnerabilities or false positives. If they are genuine, please could you tell me when they will be fixed. If they are false positives, please could you explain why.

    Thanks!

    Nazar

Viewing 1 replies (of 1 total)
  • Plugin Author John Blackbourn

    (@johnbillion)

    WordPress Core Developer

    This is a false positive. The current_user_can check is performed a few lines above.
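The pattern the author refers to, written out as an added illustration rather than WP Crontrol's own code: an admin action handler that checks the capability before the nonce and only redirects to a destination it builds itself. The hook name, nonce action, item parameter and the `manage_options` capability are assumptions for the example.

```php
<?php
// Added illustration, not WP Crontrol's own code. Hook name, nonce action,
// the 'id' query parameter and the capability name are assumptions.

add_action( 'admin_post_example_delete_item', 'example_handle_delete_item' );

function example_handle_delete_item() {
    // 1. Authorization: the user must hold the capability. A nonce alone
    //    proves intent from a logged-in session, not permission; the
    //    static-analysis finding flags a nonce check with no such test.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to do that.', 'example' ), 403 );
    }

    // 2. CSRF: check_admin_referer() validates the '_wpnonce' parameter.
    //    Folding the item id into the action binds the token to that item,
    //    so a nonce minted for one item cannot be replayed against another.
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    check_admin_referer( 'example_delete_item_' . $id );

    // ... perform the deletion for $id (omitted) ...

    // 3. Redirect: construct the destination from known values instead of
    //    reflecting a user-supplied URL, and use wp_safe_redirect(), which
    //    refuses hosts that are not in the allowed-redirect list.
    $url = add_query_arg(
        array(
            'page'    => 'example-items',
            'deleted' => 1,
        ),
        admin_url( 'tools.php' )
    );
    wp_safe_redirect( $url );
    exit;
}
```

When reviewing a scanner finding like the one above, check the lines preceding the nonce call for the capability test; the two checks do not need to be on the same line to be effective.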
