Critical Security Vulnerability in weForms!

Resolved LN-CWM
(@ln-cwm)

1 year, 10 months ago
This morning, my Wordfence security plugin is reporting a critical security vulnerability in weForms. Please fix asap!
- Plugin Name: weForms
- Current Plugin Version: 1.6.23
- Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “weForms” until a patched version is available. Get more information.(opens in new tab)
- Repository URL: https://ww.wp.xz.cn/plugins/weforms(opens in new tab)
- Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/379a5016-3968-4b28-8d6e-0f517e419016?source=plugin(opens in new tab)
- Vulnerability Severity: 5.3/10.0 (Medium)
The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)

brandonco
(@brandonco)

1 year, 10 months ago

Thanks for reaching out @ln-cwm,

Our developers have been made aware of this issue and we’re working on a fix. You can track the bug here but we should have a patch coming available for this shortly.

Thank you for bringing this to our attention and please let us know if you have any other questions or concerns for us!

Thread Starter LN-CWM
(@ln-cwm)

1 year, 10 months ago

Hello @brandonco — Any update on this?

brandonco
(@brandonco)

1 year, 10 months ago

Hi @ln-cwm !

It looks like this issue has been patched and should be resolved. You can check the status here. Please let us know if you have more questions for us.

Thank you!

Thread Starter LN-CWM
(@ln-cwm)

1 year, 10 months ago

Maybe resolved internally, @brandonco but I don’t see an update. I’m only seeing v. 1.6.23, updated 4 months ago.

Thread Starter LN-CWM
(@ln-cwm)

1 year, 10 months ago

Went out to dinner, then came back to find an email from Wordfence notifying me that an update is now available. Applied it. So hopefully good to go.

brandonco
(@brandonco)

1 year, 10 months ago

Hi @ln-cwm,

My apologies, we were out of office for the weekend but I am happy to see you were able to apply the update. Please let us know if you have further questions or concerns for us and we’ll be right here to help!

Thanks for your patience and working with us through this.
Thread Starter LN-CWM
(@ln-cwm)

1 year, 10 months ago
Whoops! This morning Wordfence is calling out the update (1.6.24) as a security risk.
- The Plugin “weForms” has a security vulnerability.Type: Plugin Vulnerable
- Issue Found July 8, 2024 9:53 am Critical
- Plugin Name: weForms
- Current Plugin Version: 1.6.24
- Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “weForms” until a patched version is available. Get more information.(opens in new tab)
- Repository URL: https://ww.wp.xz.cn/plugins/weforms(opens in new tab)
- Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/379a5016-3968-4b28-8d6e-0f517e419016?source=plugin(opens in new tab)
- Vulnerability Severity: 5.3/10.0 (Medium)

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Critical Security Vulnerability in weForms!’ is closed to new replies.