Security Vunerability (v 3.8)

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Ketan Patel

    (@patelketan)

    Hello,

    Can you please share our plugin report… can you please tell me which security issue you found in our plugin…

    Thanks,

    Thread Starter M Woldt

    (@mmpwebinfo)

    According to WordFence:

    Multiple WPOnlineSupport plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the wpos_anylc_admin_init_process() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to dismiss a license notice.

    You can check out the link I originally posted to see more details.

    Thanks

    bb15

    (@bb15)

    You van find the vulnerability info here:
    https://patchstack.com/database/vulnerability/sp-faq/wordpress-wp-responsive-faq-with-category-plugin-3-8-broken-access-control-vulnerability

    And all WP safety scanners have been reporting it for quite some time!!

    Plugin Contributor Ketan Patel

    (@patelketan)

    Hello,

    We solved the security issue 2 months ago but Wordfence has not updated the database. we have talked to Wordfence by email and Wordfence updated the database so please check the Vulnerability Severity link all plugins perfectly working without any security issue…

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Security Vunerability (v 3.8)’ is closed to new replies.