WP Engine Security – Plugin Vulnerability Notification – WP Meta and Date Remove | ww.wp.xz.cn

Resolved ccbackus
(@ccbackus)

5 days, 3 hours ago

Notice from WP Engine:
We are reaching out to you today because we identified resources that may be utilizing a vulnerable version of the wp-meta-and-date-remover plugin.

The site ***** on ***** is running version 2.3.6.
The site ***** on ***** is running version 2.3.6.

WP Engine summary of the vulnerability: This vulnerability allows any unauthenticated user to perform actions that only an administrator should be allowed to do.

This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.

Resources providing further information on this vulnerability:

https://patchstack.com/database/vulnerability/wp-meta-and-date-remover/wordpress-wp-meta-and-date-remover-plugin-2-3-6-broken-access-control-vulnerability?_a_id=473

There does not appear to be a fix for this update at this moment and we recommend updating when one becomes available.

Will you be releasing a fix soon?

Viewing 4 replies - 1 through 4 (of 4 total)

TRILOS new media
(@trilos)

4 days, 7 hours ago

(subscribing to this thread)

Plugin Author prasadkirpekar
(@prasadkirpekar)

1 day, 16 hours ago

Hello,

Thanks for reporting,

We are working on fixing it. It is not very critical security issue as per report. We will fix it by tonight

Plugin Author prasadkirpekar
(@prasadkirpekar)

1 day, 6 hours ago

We have updated plugin,

Please check

Thread Starter ccbackus
(@ccbackus)

1 day, 3 hours ago

Confirmed. I’ve updated the plugin to the latest version. Thanks for your efforts.

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

4 replies
3 participants
Last reply from: ccbackus
Last activity: 1 day, 3 hours ago
Status: resolved