Version: 3.8.3 hit with Malware | ww.wp.xz.cn

Resolved calderwood
(@calderwood)

6 months, 4 weeks ago

Twice this week your plugin has been the source of a malware infection on our site. We have deactivated the plugin now. Wordfence has posted a vulnerability for the plugin:

Plugin Name: WP-Lister Lite for eBay
Current Plugin Version: 3.8.3
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “WP-Lister Lite for eBay” until a patched version is available. Get more information.(opens in new tab)
Repository URL: https://ww.wp.xz.cn/plugins/wp-lister-for-ebay(opens in new tab)
Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/4238ce95-ff9a-492f-b3ef-3b263efdda7b?source=plugin(opens in new tab)
Vulnerability Severity: 4.3/10.0 (Medium)

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Support msantamaria
(@msantamaria)

6 months, 3 weeks ago

Hi @calderwood ,

Thank you for bringing this to our attention.

We already have a fix in the works and will roll it out as soon as possible.

We truly appreciate your patience.

Kind regards,

Menchie
WP Lab Support

Plugin Support msantamaria
(@msantamaria)

6 months, 2 weeks ago

Hi @calderwood ,

This is now fixed. We’ve just released version 3.8.5 of the Lite version.

This commit fixes CSRF (Cross-Site Request Forgery) and missing authorization vulnerabilities in the GPSR (General Product Safety Regulation) related AJAX handlers.

Kind regards,

Menchie
WPLab Support

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Version: 3.8.3 hit with Malware’ is closed to new replies.

3 replies
2 participants
Last reply from: msantamaria
Last activity: 6 months, 2 weeks ago
Status: resolved