Wordfence vulnerability | ww.wp.xz.cn

Resolved koullis
(@koullis)

10 months ago

just got a notice from wordfence that plugin is vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection

Freemius SDK <= 2.4.2 – Missing Authorization Checks

https://www.wordfence.com/threat-intel/vulnerabilities/detail/freemius-sdk-242-missing-authorization-checks

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-tracker

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Prashant Baldha
(@pmbaldha)

10 months ago

The Email Tracker 5.3.14 (Latest release) version uses the Freemius SDK 2.12.1 version, the latest Email Tracker 5.3.14 version has no vulnerability. Update the Email Tracker plugin.

Thread Starter koullis
(@koullis)

10 months ago

its already updated but why wordfence still picks it up as vulnerable?

Plugin Author Prashant Baldha
(@pmbaldha)

10 months ago

@koullis Thanks for reporting it.

Let me connect with Wordfence team. Once I will get update, I will update you here.

Thread Starter koullis
(@koullis)

10 months ago

ok thanks will wait for your update

Plugin Author Prashant Baldha
(@pmbaldha)

10 months ago

The Wordfence team has just marked the Email Tracker plugin as patched, so the Email Tracker plugin issue has been resolved.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Wordfence vulnerability’ is closed to new replies.

Tags

8 replies
2 participants
Last reply from: Prashant Baldha
Last activity: 10 months ago
Status: resolved