Security Vulnerability | ww.wp.xz.cn

Resolved thirstyjon
(@thirstyjon)

2 years, 8 months ago

This plugin is on an IThemes list of plugins with unpatched vulnerabilities.

https://ithemes.com/blog/wordpress-vulnerability-report-september-6-2023/#vulnerability-14035

Does anybody know if this has been patched yet?

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author roumi
(@roumi)

2 years, 8 months ago

Hi,

Sorry about that, this issue vulnerability has not been fixed.
I’ll will make a fix ASAP.

Plugin Author roumi
(@roumi)

2 years, 8 months ago

Hi,

I’ve just released a new version with the fix.

Let me know if you need any information 🙂

Thread Starter thirstyjon
(@thirstyjon)

2 years, 8 months ago

I just got an email from ithemes this morning saying it is not patched yet.

I don’t really know how things work between plug-in developers and security tools like ithemes.

Does this mean they have not accepted your patch or that they have not been notified yet?

Plugin Author roumi
(@roumi)

2 years, 8 months ago

Hi,

I’ve uploaded the patch version on the website that reported the vulnerability and it has been accepted.
Here is the link: https://patchstack.com/database/vulnerability/wp-admin-notification-center/wordpress-hide-admin-notices-admin-notification-center-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability

I’ve tried to search on itheme where I can contact them for that but there is no information about that.

Thread Starter thirstyjon
(@thirstyjon)

2 years, 8 months ago

@roumi

I’m guessing the info will filter to IThemes eventually. I don’t really know how that works.

Thanks for patching that though.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Security Vulnerability’ is closed to new replies.

7 replies
2 participants
Last reply from: thirstyjon
Last activity: 2 years, 8 months ago
Status: resolved