Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author WraithKenny

    (@wraithkenny)

    “This only impacts multi-site installations and installations where unfiltered_html has been disabled.”

    This is a weird report, since my plugin’s entire admin code is completely disabled when unfiltered_html is disabled.

    Plugin Author WraithKenny

    (@wraithkenny)

    I appreciate you giving me that link, since I wasted a whole 8 hrs trying to refactor my code to find a vulnerability that’s certainly a false positive.

    Plugin Author WraithKenny

    (@wraithkenny)

    I’ve released 3.5.3, which disables the plugin completely if DISALLOW_UNFILTERED_HTML is set to true, and also disables the old code for upgrading meta data with the old key.

    This should remove any surface for the reported vulnerability.

    Plugin Author WraithKenny

    (@wraithkenny)

    closing

    Thread Starter sara.mansouri

    (@saramansouri)

    Thank you @wraithkenny for taking care of the issue and fixing it in a timely manner.

    Plugin Author WraithKenny

    (@wraithkenny)

    Not completely solved, but the company that reported the vulnerability has reached out to me.

  • The topic ‘Vulnerability Reported on WordFence’ is closed to new replies.