Updated: (FIXED) Serious security issues

  • UPDATE: SECURITY ISSUES FIXED 3-8-23

    WordPress Asgaros Forum Plugin <= 2.2.1?is vulnerable to Cross Site Request Forgery (CSRF)

    Partially patched in versions >= 2.2.0, no fully patched version is available. No reply from the vendor.

    The plugin should be removed until a complete fix is implemented. patchstack has details.

    • This topic was modified 1 year, 10 months ago by jacksonbatnerd.
    • This topic was modified 1 year, 10 months ago by jacksonbatnerd. Reason: text
    • This topic was modified 1 year, 8 months ago by jacksonbatnerd. Reason: UPDATE: Author corrected issues
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Asgaros

    (@asgaros)

    Not sure why the previous review got removed, but the issues got fixed with version 2.2.0 (including additional potential ones in version 2.2.1).

    I am not aware of any additional issues besides of the fixed ones. The links which you posted in the previous review also don’t include anything new.

    Looking forward for further details so I can fix them asap!

    Thread Starter jacksonbatnerd

    (@jacksonbatnerd)

    It hasn’t been fixed, find the details on patchstack()com.

    Plugin Author Asgaros

    (@asgaros)

    All the reported issues there have been fixed. As mentioned before: I never got any details about still existing issues or partially fixed issues. So I have to assume that this claim is wrong.

    Just a reference to a website which claims that there are “security issues” without providing further details is not helpful.

    Thread Starter jacksonbatnerd

    (@jacksonbatnerd)

    It hasn’t been fixed, you can read about it on patchstack()com., I’m not going to do your work for you. That seems to be the problem, lack of experience.

    Thread Starter jacksonbatnerd

    (@jacksonbatnerd)

    Just an update:

    The security issues have all been fixed, thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Updated: (FIXED) Serious security issues’ is closed to new replies.