Maël
Forum Replies Created
Hi @shanedelierrr, thank you for your help and quick answer, much appreciated!
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
Hello @dipakparmar443,
My bad, the plugin does not show any warning indeed. However, the vulnerability on Patchstack does not appear as having a patch. Maybe they just did not catch up to the current plugin version, but in the long term it might be a good idea to tell them it is fixed.
I don’t know how those things work though…
Thank you for your time and efforts, much appreciated!
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
Hello,
Maybe you should contact Patchstack. I’m sure the issue is fixed if you say so, but they might not be aware of it.
I use SolidSecurity as a plugin, and they detect vulnerabilities using Patchstack, so if the vulnerability is not marked as fixed on Patchstack, security plugins might continue to warn the admins about it.
Hope it helps, have a nice one!
Forum: Plugins
In reply to: [Post View Count] Post View 2.01 Causes Security Check error in WP
Hello @dipakparmar443,
I have the same problem on the websites I use the plugin on. I had a peek at the code and I think I found what could be the issue.
The website displays “Security check” as a message, just as if the execution had ended in a die("Security check"); instruction.
This could come from different places in the code, but the most probable is the ngd_hits_column_orderby function in the add-post-column.php file. This is called on the request hook, which is used even on public pages. In this function, the plugin makes a check for the current user to have manage_options privileges (which obviously the user does not have if they’re not even logged in), resulting in a “Security check” message for unauthorized users.
I tried altering the code on my test website, changing:
if ( !current_user_can('manage_options')) { die( __( 'Security check.', 'wp-simple-post-view' ) ); return; }
To:
if (!current_user_can( 'manage_options')) { return $vars; }
Seems like it did the trick for me.
Other possible sources of this message are the wp-simple-post-view.php file and the uninstall.php, the last one being very unlikely in this case.
Hope this helps, have a nice one!
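An added example, not part of the post above and not the plugin's own code: a callback on the request filter that hands the query variables back unchanged to visitors instead of calling die(). The function name, the 'views' orderby value and the meta key are hypothetical.

```php
<?php
/**
 * Added example, not the plugin's code. The function name, the 'views'
 * orderby value and the meta key are hypothetical placeholders.
 *
 * 'request' is a filter that runs for every main query, front end included,
 * so the callback must always return the query variables array. Calling
 * die() here turns a failed capability check into a bare "Security check"
 * page for every logged-out visitor.
 */
function example_hits_column_orderby( $vars ) {
	// Sorting by a view-count column only matters on admin list screens.
	if ( ! is_admin() ) {
		return $vars;
	}

	// User may not manage the site: leave the query untouched, do not abort.
	if ( ! current_user_can( 'manage_options' ) ) {
		return $vars;
	}

	// Rewrite the query only when the (hypothetical) views column is the sort key.
	if ( isset( $vars['orderby'] ) && 'views' === $vars['orderby'] ) {
		$vars = array_merge(
			$vars,
			array(
				'meta_key' => 'example_post_views', // hypothetical meta key
				'orderby'  => 'meta_value_num',
			)
		);
	}

	return $vars;
}
add_filter( 'request', 'example_hits_column_orderby' );
```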
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
I’d gladly see what I can do, but I don’t think the plugin is open-source, is it? The repository I found is from 3 years ago.
Forum: Plugins
In reply to: [Post View Count] Cross Site Request Forgery (CSRF) vulnerability
I also still get the medium security warning. Are the online databases out of date on this one?