• Resolved mack28

    (@mack28)


    Vault Press reports the following:

    Job Manager 0.7.25

    The plugin Job Manager (version 0.7.25) has a publicly known vulnerability. It is recommended deactivate and remove this plugin until a new version is released.

    Please advise if this is a false positive from Vault Press.

    https://ww.wp.xz.cn/plugins/job-manager/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter mack28

    (@mack28)

    Plugin Author Thomas Townsend

    (@smb-dev)

    It’s a false positive because the entire WP Media directory works in the same fashion, i.e. File Name disclosure via Media Uploads. I went several rounds via email with the guy that submitted that, and his goal was to elicit attention and feedback from WC core devs. Is it an issue for some? Yes. It’s also something we have created a fix for but have not implemented due to backwards compatibility and a clean way to update older entries via a DB update. Maybe the New Year. We’re moving everything to GH for more devs to support.

    The best way to protect yourself is to block indexing of your media directory specific to docs, docx and pdf files for now.
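
One way to apply the mitigation described in the reply above, as an added example that is not from the plugin author or the original thread. It assumes the site runs on Apache 2.4 with mod_headers enabled, that .htaccess overrides are allowed, and that uploads live in the default wp-content/uploads directory:

```apache
# Added example: place in wp-content/uploads/.htaccess
# Assumptions: Apache 2.4, mod_headers loaded, AllowOverride permits
# FileInfo (for Header) and Options (for the Options line below).

<IfModule mod_headers.c>
    # Ask search engines not to index, follow or cache uploaded documents.
    # Extensions are the ones named in the reply (docs, docx, pdf);
    # plain .doc is included here as an assumption.
    <FilesMatch "(?i)\.(docs?|docx|pdf)$">
        Header set X-Robots-Tag "noindex, nofollow, noarchive"
    </FilesMatch>
</IfModule>

# Also stop Apache from generating directory listings for the uploads
# tree, so file names are not exposed by browsing the folder itself.
Options -Indexes
```

Crawlers only see the X-Robots-Tag header if they are allowed to fetch the file, so do not also disallow the same paths in robots.txt. The header keeps documents out of search results; it does not restrict access for anyone who already has the URL.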

    Thread Starter mack28

    (@mack28)

    Thank you Thomas for the detailed explanation.

    Plugin Author Thomas Townsend

    (@smb-dev)

    Glad I could help clear the air on this.

The topic ‘Vault Press reports vulnerability’ is closed to new replies.