Security vulnerability – Unauthenticated Stored Cross-Site Scripting

Resolved jmaneyrol
(@jmaneyrol)

1 month, 2 weeks ago

Hi,

I have recently been alerted by my security plugin (Really Simple Security) that Royal Elementor Addons Pro plugin has a security problem in versions up to 1.7.1041 (Unauthenticated Stored Cross-Site Scripting), see https://vulnerabilities.really-simple-security.com/plugin/wpr-addons-pro/e39d162c-ff46-4f9f-b582-186a042f6cea/, yet the latest version of the Pro plugin is 1.6.01.

Is this a false positive, or are there plans to update the Pro plugins soon?

Best regards.

Viewing 6 replies - 1 through 6 (of 6 total)

truevladdracul
(@truevladdracul)

1 month, 2 weeks ago

Same here with Wordfence.

Plugin Contributor George
(@rubeushagrid13)

1 month, 2 weeks ago

Hello again,

As u know both free and pro versions share some features by extending classes or loading additional files for implementing some pro features, for now mentioned vuln can be considered false positive cause this exact vuln already fixed after it was reported by wordfence.

I’ve rerun security checks regarding this exact vuln and can confirm that it’s solved 100%, we’ll check with wordfence if anything not approved by mistake but our dashboard shows all good

Kind regards,
George

Thread Starter jmaneyrol
(@jmaneyrol)

4 weeks, 1 day ago

@rubeushagrid13 thank you for letting us know.

At this time, I am still being notified by the Really Simple Security plugins, and they have not removed their alert (see https://vulnerabilities.really-simple-security.com/plugin/wpr-addons-pro/e39d162c-ff46-4f9f-b582-186a042f6cea/).
Is there anything you can do on your end to inform them that this is a false positive?

Thank you.

truevladdracul
(@truevladdracul)

4 weeks, 1 day ago

Still same with Wordfence.

lineaswebmaster
(@lineaswebmaster)

4 weeks, 1 day ago

A me mi da Errore dentro di Hostinger:

“Plugin installato

Royal Elementor Addons Pro (Premium)

Version 1.6.02

Stato di sicurezza

Problema di vulnerabilità.Scopri di più

Raccomandazione

Disattiva ed elimina il plugin

Attivo”

Questo e quello che mi appare, e non so come risolverlo!
Plugin Contributor George
(@rubeushagrid13)

3 weeks, 6 days ago
Hi again everybody,

There is proof direclty in link, it says that issue fixed in 1.7.1041 version but still fires report, it’s because of pro version vuln was reported but free version handles the vulnerable feature which was taking effect in pro version, we’re wating response from wordfence if this can be solved but be sure that vuln is fixed, security plugins just expect pro version 1.7.1041 which never existed, patch was provided via free version
https://prnt.sc/Y4J_QG-BXuIa

Kind regards,
George
- This reply was modified 3 weeks, 6 days ago by George.

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Tags