wordfence notice

Hi, the issue was discovered by the site https://patchstack.com/ and then spreader out for plugins like wordfence and other defense solutions, we are not able to reproduce the issue and we think that this is the false info, we have emailed that site and waiting for a response from them, so if you are running on latest version you do not need to worry about that.

The first time we thought that it was the issue (few days ago when first person reported this) but after many tests we were unable to reproducer the case described on patchstack site – so probably someone summited false info and that’s why we have this “panic: now ??

Kind Regards,
Nick

@elementoraddonswpr thanks for the feedback!

@elementoraddonswpr @igoramatuzzi, the vulnerability is real. The vendor provided the link to a new patched version. Soon, we will validate the patch provided to us, and I hope it is valid. The timeline below explains the situation better:

2022-12-13 – issue reported to the vendor.
2023-08-22 – disclosed to the vulnerability database.
2023-08-25 – the vendor replied and said that would fix the issue.
2023-08-26 – the vendor replied and said he couldn’t reproduce the issue.
2023-08-28 – the vendor got a technical explanation of what is still wrong.
2023-08-29 – the vendor provided a link to the new patched version, and we will check the patch soon.

If you have any questions, please let me know ??

Please update to the latest version of plugin issue is fixed.

Kind Regards,
Nick

@elementoraddonswpr great! keep the good work!