• Resolved Le chef Isidore

    (@isidore1964)


    Hello,
    For the past few days, I’ve been receiving a security report from Solid Security (known vulnerabilities: WordPress Easy Post Submission plugin <= 2.4.0 – Broken Access Control vulnerability
    Patchstack Priority: High
    Manage vulnerability | View in Patchstack).

    Please take the necessary steps,
    Isidore


Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support J Rubystudio

    (@rubystudio)

    Thank you for flagging this.

    Version 2.4.0 of the Easy Post Submission plugin includes the fix for the Broken Access Control vulnerability you mentioned. The alert you’re seeing from Solid Security / Patchstack appears to be based on outdated patch feedback that hasn’t yet been updated to reflect the fix in version 2.4.

    Please don’t hesitate to reach out if you have any other concerns.

    Best regards

    Thread Starter Le chef Isidore

    (@isidore1964)

    Hello @rubystudio and thank you for your reply.
    Isidore

    Thread Starter Le chef Isidore

    (@isidore1964)

    Hello @rubystudio,

    I’m contacting you again regarding the Solid Security alert.
    I keep receiving the alert, and this has been happening since the 2.4.0 update, whereas previously, with the earlier version, I didn’t have any security alerts.

    I think your 2.4.0 plugin needs to be updated and that any issues with it need to be fixed.

    Thank you,
    Isidore

    Plugin Support J Rubystudio

    (@rubystudio)

    I understand the continued alerts from Solid Security are concerning. Let me clarify what is likely happening here.

    Security plugins like Solid Security and Patchstack maintain their own vulnerability databases. When a vulnerability is reported, they add it to their list and trigger alerts for any site running that plugin. However, even after the plugin author releases a fix, these databases are not always updated immediately. This means you may continue receiving alerts until the security service reviews and confirms the patch, then removes the entry from their database.

    In other words, the alert you are seeing does not necessarily mean your site is still vulnerable. It means the security service has not yet re-evaluated version 2.4.0 to confirm the fix.

    That said, I have already submitted the patch to Patchstack for review. However, they have not yet reviewed and updated their records for version 2.4.0. Once they complete their review and confirm the fix, the alerts on your end should stop automatically.

    In the meantime, please make sure you are running the latest version of Easy Post Submission (2.4.0) and rest assured that the vulnerability has been addressed.

    Thank you for your patience, and please let me know if you have any further questions.

    Best regards
