Security Vulnerability

  • Resolved treecutter

    (@treecutter)


    1 year, 4 months ago

    Hello

    Wordfence is advising this regarding this plugin :

    “To protect your site from this vulnerability, the safest option is to deactivate and completely remove “ApplyOnline” until a patched version is available”

    They also state:

    “The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting”

    Should we expect an update ?

    Thank you.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Farhan Noor

    (@farhannoor)

    Hi there,

    The plugin was properly checked before release for the said vulnerability. WordFence didn’t provide information where in the code did they find this vulnerability. The output & input data from the plugin is properly sanitized and “Stored Cross-Site Scripting” is not possible.

    Best.

    Thread Starter treecutter

    (@treecutter)

    Thank you Farhan for your reply.

    We note that the plugin has now been removed from www.remarpro.com

    Hopefully this can be resolved soon.

    Plugin Author Farhan Noor

    (@farhannoor)

    The plugin is up & running. Please update to the latest version 2.5.2

    Thanks.

    Thread Starter treecutter

    (@treecutter)

    Thank you Farhan, that is great news.

    We are really pleased as it is a fantastic plugin !

    Plugin Author Farhan Noor

    (@farhannoor)

    Don’t forget to write your review for the plugin. Link is given in the sidebar.

    Thanks.

    Thread Starter treecutter

    (@treecutter)

    Team just did, and thank you again for the fix.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Security Vulnerability’ is closed to new replies.