Security vulnerability | ww.wp.xz.cn

Resolved JakeyPeester
(@jakeypeester)

7 months, 2 weeks ago

Checking if there’s a roadmap for patching this vulnerability:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/connect-daily-web-calendar/wordpress-events-calendar-plugin-connectdaily-154-authenticated-contributor-stored-cross-site-scripting

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author George Sexton
(@gsexton)

7 months, 2 weeks ago

Yes, we’ll be fixing it in the next couple of weeks. It’s a very low risk bug. The “bug bounty” firm that reported this is difficult to work with and I’ve gone through two iterations already to address it. They don’t respond to emails, and when they do it’s usually copy/pasted without actually responding to the asked questions. They finally communicated what the issue was in a specific way about a week ago.

Plugin Author George Sexton
(@gsexton)

7 months, 1 week ago

I’ve pushed up a new release that fixes the issues they communicated to me. I’ve provided the reporting company with a patch so they can vet the changes.

Plugin Author George Sexton
(@gsexton)

7 months ago

The reporter shows this issue as resolved.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security vulnerability’ is closed to new replies.

3 replies
2 participants
Last reply from: George Sexton
Last activity: 7 months ago
Status: resolved