Vulnerability report (PHP Object Injection) in ConveyThis plugin | ww.wp.xz.cn

Resolved Javier Gobea
(@jandabt)

3 months, 3 weeks ago

Hello,

I’m reaching out to report multiple security vulnerabilities affecting the ConveyThis Translate plugin.

According to Patchstack, there are currently 3 reported vulnerabilities, including a critical one:
WordPress ConveyThis Plugin <= 269.1 – PHP Object Injection
https://vdp.patchstack.com/database/wordpress/plugin/conveythis-translate/vulnerabilities

Could you please confirm whether these issues have already been addressed in a newer version?
If not, is there an ETA for a security patch and any recommended mitigation steps in the meantime?

Thank you in advance.

Best regards,

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter Javier Gobea
(@jandabt)

3 months, 3 weeks ago

Version 269.2 still has the security flaw.

Plugin Author ConveyThis
(@conveythis)

3 months, 3 weeks ago

Thank you so much for an update and helping our team to discover this vulnerability.

We issued a new update that covers a broader spectrum of cases which could help to remove this bug.

Please check the new version: 269.3

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

3 replies
2 participants
Last reply from: ConveyThis
Last activity: 3 months, 3 weeks ago
Status: resolved