Jebeze
Forum Replies Created
-
Forum: Plugins
In reply to: [WP Popups - WordPress Popup builder] Broken Access VulnerabilityAwesome. I can confirm that I am no longer seeing the security warning on WPEngine as well. Thanks for working to resolve this issue. Much appreciated.
Forum: Plugins
In reply to: [WP Popups - WordPress Popup builder] Broken Access VulnerabilityThanks again, @timersys. That all makes sense, and thanks for taking the time to follow the thread of communication to the source. I just want to flag for you that WPEngine has unfortunately decided that Patchstack is where they pull information on plugin security vulnerabilities. WPEngine then uses the information to alert everyone on their platform that this plugin has a security vulnerability both via the WPEngine website dashboard and on the installed plugins admin page for each website. So, most WP Users will likely continue to believe there is a security issue with this plugin.
Version 2.16.1 resolved the issue for me. I am able to re-authenticate now without any issues.
Forum: Plugins
In reply to: [WP Popups - WordPress Popup builder] Broken Access VulnerabilityThanks @timersys. Unfortunately, Patchstack is still showing the issue as unresolved.
They are all after trying to connect with freshly pasted code. The debug log has several dozen more “Refresh token attempt failed in get_api_token” entires as well for the past few days as I and a colleague had both tried resetting the code multiple times to no avail, before and after full cache clears. The rollback worked immediately after only one get/paste attempt.