Hi,
The message on the front of this plugin says it’s temporary pending a full review. I’m keeping an eye on it too to see when it comes backs.
Thread Starter
puda
(@puda)
That’s literally the message you get for any plugin being removed. I’ll wait for a week or two and if we don’t hear back, I’ll remove the plugin.
Yes we are working with WordPress to get the issue resolved.
We will keep you posted. I assure you we are not going anywhere.
Sorry for the scare
We are working to resolve this issue with WordPress.
We are not going anywhere
Please forward all support tickets to [email protected]
WpRemote is showing your plugin as a security risk now.
Hi, any updates on this? WP Scan is reporting two security issues now:
Social Warfare < 4.4.0 – Subscriber+ Post Meta Deletion
Social Warfare <= 4.4.0 – Post Meta Deletion via CSRF
The changelog here says 4.4.0 was released, but it looks like only 4.3.0 is available?
Thanks!
Hi, any updates on this? WP Scan is also reporting two security issues now.
The changelog here says 4.4.0 was released, but it looks like only 4.3.0 is available?
Thanks!
Hi everyone, thank you for your patience.
to be clear, everything has been al sorted out and this was really a matter of misunderstanding between WordPress and Wordfence.
The short answer is that we were removed from the WordPress repo due to a copyright infringement as we had both FB and Twitter logos on our banner. Once these were removed, we were reinstated into the WordPress repo as you can see. Unfortunately, we need to wait for the WordPress team (who you can imagine is extremally busy) to audit and approve our updates to the banner and confirm that we are in fact not in copywrite violation.
Regarding the security risk, WP Remote is echoing what Wordfence is reporting. The Wordfence issue was a separate matter and technically not a real threat which is why they list it as a 5.4 out of 10 on their website.
First they made a typo by listing it as 4.4 and they have fixed that typo.
Secondly there was an issue that allowed one logged in user to temporarily disconnect another users FB token. To which we asked Wordfence, “Who would go through all that hassle to trick someone into disconnecting Facebook.” and they agreed it is very minor but it is technically an “issue” they need to report.
We have fixed this with one line of code and version 4.3.1 is getting approved as we speak.
Thank you all for your patience.
Thank you for the update! WP Scan is also reporting two security issues; not sure if they’re the same? And if not, will version 4.3.1 address those as well?
(I posted links previously but that held my comment up in moderation. If you search on the WP Scan website you’ll find them easily.)
Thanks!
Yes, the issues reported in WP Scan and Wordfence are the same issue. In fact, I am not convinced that WP Scan does not just harvest info from Wordfence, but I am totally speculating.
Regarding the “issues” they have been fixed and we are still waiting for them to update in WP repo.
Yes, 4.3.1 is the “fix”
Could you update the free download in your site? Si we can manually update to the new version. Several system advice us about vulnerability
We just got an email stating it will be updated here very shortly, within the hour.
We are also going to add a zip file to our website.
We are excited to announce that 4.4 has been updated for both core and pro.
When you update, it is best to update pro first, then update core.
Thank you for your patience and cooperation.
