Security Vulnerability

  • Resolved chiimchiim

    (@chiimchiim)


    1 year, 11 months ago

    We have noticed that the plugin has a security vulnerability allowing unauthenticated visitors to download the entry data for submitted forms in the latest version, so we have to deactivate the plugin immediately. Could you please help fix this?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Russ

    (@gfxdesigner)

    1 year, 11 months ago

    Until there is an official patch from the plugin developer, you could do the following:

    1. Edit /admin/class-advanced-cf7-db-admin.php
    2. Search for the following on Line 1405: function vsz_cf7_export_to_excel($fid, $ids_export){
    3. Add the following directly below it.
    // Check if the current user has the required capability
if (!current_user_can('manage_options')) {
    return 'You do not have the permission to export the data';
}
    TRILOS new media

    (@trilos)

    1 year, 11 months ago

    Just subscribing to this thread.
    Thanks @gfxdesigner

    Plugin Author Vsourz Digital

    (@vsourz1td)

    1 year, 10 months ago

    Yes, we have resolved this issue, kindly update the plugin

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security Vulnerability’ is closed to new replies.