wpengine says 'security vulnerability' | ww.wp.xz.cn

Resolved carminemorra
(@carminemorra)

10 years, 8 months ago

Got this message from wpengine (my host)

“This plugin is vulnerable to modification of the resume file name to retrieve further information.”
Using Version 0.7.25
I guess I should disable until an update?

I’m standing by.

With Best Regards,

-Carmine

https://ww.wp.xz.cn/plugins/job-manager/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Thomas Townsend
(@smb-dev)

10 years, 8 months ago

I am in communication with WPE….this is very misleading.

stephanie.capouch
(@stephaniecapouch)

10 years, 8 months ago

Hi Carmine – Here are a few articles that you may find useful. Please let me know if you need any additional help!

https://wpvulndb.com/vulnerabilities/8167
https://vagmour.eu/cve-2015-6668-cv-filename-disclosure-on-job-manager-wordpress-plugin/

Thanks,
Stephanie

Plugin Author Thomas Townsend
(@smb-dev)

10 years, 7 months ago

It’s not a true Security Vulnerability in any sense of the word as anyone using that hacker toolset can access anything in the Media Directory of WordPress, this has been known for a very long time.

We are working to correct for this on our end. The individual posting that
I assume has his own agenda.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘wpengine says 'security vulnerability'’ is closed to new replies.

3 replies
3 participants
Last reply from: Thomas Townsend
Last activity: 10 years, 7 months ago
Status: resolved