Situation with security problem | ww.wp.xz.cn

Plugin Support Support Ole
(@trsupsys)

5 years, 3 months ago

Hello.
We are Supsystic Team.
I would like to clarify the situation.
There was one vulnerability that WPScan discovered:
https://wpscan.com/vulnerability/8ecbeaaa-7986-4109-a56a-3d67496330f2
https://wpscan.com/vulnerability/35643e57-b566-4303-9d8c-b35434557725
WPScan passed this information to the WordPress Team.

The plugin was then immediately closed. This company didn’t consider it necessary to contact us so that we would fix the vulnerability with an update and that’s it.
As you can see, the fix was made a few days ago.

After fix – the WordPress team decided that we should totally update the plugin – libraries, update bootstrap to the newest versions – even if they are incompatible with each other. It turned out to be pointless to argue.
This is not a complaint against them – we ourselves believe that quality should not suffer. But closing the plugin … is too much.
We can’t release version with the usual vulnerability fix because we had to rewrite a good half of the plugin.

Now we are rewriting absolutely all database queries, remove bootstrap, rewrite option, styles – laborious task.
We plan to submit the new version for review by Friday.
Then we will have to wait for response from the WordPress Plugin Team.
We think this will happen on Monday/Tuesday.

Best wishes,
Ole

The topic ‘Situation with security problem’ is closed to new replies.

0 replies
1 participant
Last reply from: Support Ole
Last activity: 5 years, 3 months ago
Status: not resolved