RTMKit – (IDOR) Security vulnerable | ww.wp.xz.cn

Resolved Kevin Perrow
(@kperrow)

6 months, 2 weeks ago

Hi Rometheme,
Your current plugin version 1.6.7 has been flagged for vulnerability when running a PEN test on a site.
“RTMKit <= 1.6.7 is vulnerable to Insecure Direct Object Reference (IDOR)Security risk: idor. This vulnerability allows any unauthenticated user to perform actions that only an administrator should be allowed to do.
report source: https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-rtmkit-plugin-1-6-7-insecure-direct-object-references-idor-vulnerability?_a_id=473 “

I have fixed the issue for my site – where can I share my fix for other users?

Thank you,
Kevin

Viewing 1 replies (of 1 total)

Plugin Author Dicko Andrean
(@dickoandrean)

6 months ago

Thank you for bringing this to our attention and for taking the time to report your findings. We’ve reviewed the issue and have already released an update in version 1.6.8, which includes a fix for the IDOR vulnerability.

We really appreciate your initiative in patching it on your end. If you’d like to share your fix or any additional insights, feel free to send them directly to us, and we’ll be happy to review them further.

Best regards,
Rometheme Team

Viewing 1 replies (of 1 total)

The topic ‘RTMKit – (IDOR) Security vulnerable’ is closed to new replies.

2 replies
2 participants
Last reply from: Dicko Andrean
Last activity: 6 months ago
Status: resolved