M Woldt
Forum Replies Created
Yes, my plugin is version 6.8.1. Has this version of the PRO plugin been updated to address the vulnerability? I just wanted to make sure I don’t have a vulnerability. I kind of thought WordFence didn’t split them up and list each with its own version number, which is totally confusing. It’d be nice if they updated the vulnerability to list each separately and put the appropriate version with each.
I’m also getting a critical finding for this plugin in WordFence.
Here’s the link to the description of the finding:
WordFence is reporting a critical security vulnerability with the latest version of BigCommerce for WordPress (all versions up to and including 5.0.7). Here is the text from the vulnerability:
Description
The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.7. This makes it possible for unauthenticated attackers to extract sensitive data.
This is the link: BigCommerce <= 5.0.7 – Unauthenticated Sensitive Information Exposure
Do you have an estimated time frame on when this will be addressed? Thanks in advance.
Forum: Plugins
In reply to: [Zero Spam for WordPress] Vulnerability Discovered
Here’s the Patchstack report on the vulnerability:
This plugin is still coming up in WordFence with a critical security vulnerability (for version 5.0.7 and before). Here is the WordFence link: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bigcommerce/bigcommerce-506-unauthenticated-sensitive-information-exposure
Forum: Plugins
In reply to: [WP responsive FAQ with category plugin] Security Vulnerability (v 3.8)
According to WordFence:
Multiple WPOnlineSupport plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the wpos_anylc_admin_init_process() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to dismiss a license notice.
You can check out the link I originally posted to see more details.
Thanks