• Resolved Nazar Tikhoniuk

    (@nazartikhonyuk)


    Hello!

    We have had several security vulnerabilities raised against the WP Crontrol plugin (version 1.17.0):

    • Info: check_admin_referer should be performed with current_user_can() or similar to verify the user’s capabilities.
      File: wp-content/plugins/wp-crontrol/src/bootstrap.php:719
    • Info: Change this code to not perform redirects based on user-controlled data.
      File: wp-content/plugins/wp-crontrol/src/bootstrap.php:745

    Please could you tell me whether these are genuine vulnerabilities or false positives. If they are genuine, please could you tell me when they will be fixed. If they are false positives, please could you explain why.

    Thanks!

    Nazar

Viewing 1 replies (of 1 total)
  • Plugin Author John Blackbourn

    (@johnbillion)

    WordPress Core Developer

    This is a false positive. The current_user_can check is performed a few lines above.
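    To illustrate the pattern the scanner is looking for, here is an added, hypothetical WordPress admin action handler (example code, not WP Crontrol's own source) that pairs the capability check with the nonce check and redirects only to a URL it builds itself; the `example_` names and the `manage_options` capability are assumptions.

```php
<?php
// Hypothetical admin action handler (not WP Crontrol's code) showing why a
// nonce check and a capability check are separate controls that both run
// before any state change.
function example_handle_delete_event() {
    // 1. Authorization: may this user manage events at all? A nonce alone does
    //    not answer this, because any logged-in user can obtain a valid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to do that.', 'example' ), 403 );
    }

    // 2. Intent: did the request come from a form we rendered for this user?
    //    check_admin_referer() calls wp_die() if the nonce is missing or invalid.
    check_admin_referer( 'example_delete_event' );

    // 3. Sanitize the action-specific input before using it.
    $hook = isset( $_GET['hook'] ) ? sanitize_text_field( wp_unslash( $_GET['hook'] ) ) : '';
    if ( '' === $hook ) {
        wp_die( esc_html__( 'Missing hook name.', 'example' ), 400 );
    }
    // ... perform the deletion for $hook here ...

    // 4. Redirect to a URL constructed by the plugin rather than one echoed
    //    back from the request, and use wp_safe_redirect() so the target is
    //    restricted to the allowed hosts even if a parameter were tampered with.
    $redirect = add_query_arg(
        array( 'page' => 'example-events', 'deleted' => 1 ),
        admin_url( 'tools.php' )
    );
    wp_safe_redirect( $redirect );
    exit;
}
add_action( 'admin_post_example_delete_event', 'example_handle_delete_event' );
```

    A static analyser that only inspects the lines around `check_admin_referer()` will flag step 2 as unprotected unless it also sees step 1, which is the situation the plugin author describes above.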


The topic ‘Security Vulnerabilities’ is closed to new replies.