Open Redirection vulnerability | ww.wp.xz.cn

Resolved WFRM IT Staff
(@wfrmitstaff)

5 months, 2 weeks ago

Patch Stack reports this security issue:
#WordPress Accept Donations with PayPal plugin <= 1.5.1 – Open Redirection vulnerability
-Vulnerability type: Open Redirection
-No Update Available

Please, review the vulnerability issue and release an update asap.
Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Scott Paterson
(@scottpaterson)

5 months, 2 weeks ago

Hi @wfrmitstaff,

The fix for this will be released tomorrow.

Best,
Scott

Plugin Author Scott Paterson
(@scottpaterson)

5 months, 2 weeks ago

Hi @wfrmitstaff,

This has been fixed in version 1.5.2 of the plugin, released today.

Best,
Scott

Thread Starter WFRM IT Staff
(@wfrmitstaff)

5 months ago

Hi, based on patch stack the version 1.5.2 is still affected. Could you kindly double check?

https://patchstack.com/database/wordpress/plugin/easy-paypal-donation/vulnerabilities

CVSS Score4.7

#WordPress Accept Donations with PayPal plugin <= 1.5.2 – Open Redirection vulnerability
-Vulnerability type: Open Redirection
-No Update Available

Thanks in advance for your cooperation.

Plugin Author Scott Paterson
(@scottpaterson)

5 months ago

Hi @wfrmitstaff,

1. This was never a security issue at all. 100% no chance of any security issue every happening from this. It’s literally impossible. I spent hours looking into it and there is nothing there.
2. Even though there was no issue, I fixed the “vulnerability” in version 1.5.1.

Please mark this as resolved.

Best,
Scott

Thread Starter WFRM IT Staff
(@wfrmitstaff)

5 months ago

Thanks for your feedback, could you kindly report this to patchstack? In the opposite case some security plugin will reports your plugin as vulnerable.

Thanks in adcavnce for your cooperation.

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

7 replies
2 participants
Last reply from: WFRM IT Staff
Last activity: 5 months ago
Status: resolved