Wordfence Detecting Vulnerability

Viewing 15 replies - 1 through 15 (of 15 total)

  • I too am seeing this wordfence vulnerability notification. My attempt at reporting this as you have has my submission being held for moderation.

    We need the author to acknowledge this situation, so we know whats going on.

    I received the same warning. Hopefully a quick fix, or the plugin has to be disabled.

    Thread Starter Eric Karkovack

    (@karks88)

    It appears to be with the Freemius framework. So I’m guessing they will have to fix that first, then the plugin author will have to apply it?

    Looks like the Freemius framework was already patched.
    https://freemius.com/blog/freemius-wordpress-sdk-security-vulnerability/

    Author – Can you please acknowledge this issue? Silence is never a good sign. Thanks

    I, too, am waiting for the Author’s response to this vulnerability. I have deactivated Simple Sitemap Pro Plugin and all links to the page where it is used but I haven’t deleted the plugin. Do these steps decrease the vulnerability? thank you.

    All – I just sent the parent company WPGO a message on their contact page at https://wpgoplugins.com/contact-us/ asking for a response. If we do not get any response soon we should pry consider this plugin as abandoned, and move forward with complete removal. If you are reading this it is highly advised to disable the plugin for security. If you can do without the plugin it advised to disable, and remove the plugin 100% until there is a fix/patch. I personally will be removing this plugin from all of my sites after 1 week of no response from the author.

    The fix we are waiting for looks to me to be very simple – simply replacing Freemius SDK in the vendor folder with the latest version. I’ve just tried this on a dev copy of one site that I’m using it on and everything seems to be working OK.
    So let’s hope @dgwyer can implement this asap

    • This reply was modified 1 year, 4 months ago by nkalistair. Reason: Misspelt Freemius
    Plugin Author David Gwyer

    (@dgwyer)

    A new version will be released tomorrow. Thanks for the heads-up everyone. ??

    Thread Starter Eric Karkovack

    (@karks88)

    Thank you, @dgwyer! ??

    @dgwyer Looking forward to that new release.

    Plugin Author David Gwyer

    (@dgwyer)

    The plugin has now been patched and updated (v3.5.10). Please let me know if there are any further issues.

    Thanks for your patience everyone. ??

    Thread Starter Eric Karkovack

    (@karks88)

    Awesome, thank you @dgwyer!

    I can confirm the upgrade works. I have enabled the plugin again.

    @dgwyer thank you for patching this plugin.

    Thank you for fixing this, David.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Wordfence Detecting Vulnerability’ is closed to new replies.