Security issue? | ww.wp.xz.cn

Resolved vejpkollen
(@vejpkollen)

2 years, 10 months ago

I got a warning regarding the YARPP plug in, just now. Can anyone verify if this is correct? And if so, what is being done about it? 🙂

Link to the warning below:
https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-2-local-file-inclusion?_a_id=250

Viewing 7 replies - 1 through 7 (of 7 total)

summetj
(@summetj)

2 years, 10 months ago

I also received a warning from my Really Simple SSL plugin which has apparently labeled it as a medium severity issue. For now, I disabled YARPP, will wait for an update from the author.

summetj
(@summetj)

2 years, 10 months ago

Update: YARPP has updated to Version: 5.30.4 and Really Simple SSL no longer flags it as a vulnerability, so I guess it was patched.

Plugin Author YARPP
(@jeffparker)

2 years, 10 months ago

Hi @summetj There is one more left. Should be resolved this week.

summetj
(@summetj)

2 years, 10 months ago

@jeffparker Thanks for the note. I’ve disabled the plugin for now, would appreciate an update when you are finished with patching.

Plugin Author YARPP
(@jeffparker)

2 years, 10 months ago

Thank you for your patience.

This issue has been patched in v5.30.5. Please upgrade to the latest version.

The issue was limited to Windows servers and the user would have to have writing permission. If your server is Linux (most are), you were not affected at all. In any case, it is patched now.

summetj
(@summetj)

2 years, 10 months ago

Thanks!

Plugin Author YARPP
(@jeffparker)

2 years, 10 months ago

Thank you for your patience!

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Security issue?’ is closed to new replies.

8 replies
3 participants
Last reply from: YARPP
Last activity: 2 years, 10 months ago
Status: resolved