psuc
Forum Replies Created
-
Forum: Plugins
In reply to: [TablePress - Tables in WordPress made easy] Wordfence problemThank you so much Tobias, for your response and explanation.
I am glad to hear it is a very low security issue.
I am looking forward to TablePress 2.0.
Regards
VeraForum: Plugins
In reply to: [TablePress - Tables in WordPress made easy] Wordfence problemHello Tobias
The Wordfence Security scan has shown this CVE vulnerability for about 6 weeks now and in a previous post you stated:
“I’m currently trying to get a hold of someone at WordFence (if you can assist that
would be greatly appreciated). If there really is a issue in TablePress, I will of
course be fixing it as soon as possible! Thanks for your patience on this. I’ll be
posting updates as soon as possible! Best wishes, Tobias”So I logged a ticket with Wordfence (after 6 weeks) to see if they could resolve this matter because the scan now shows this plugin vulnerability as “critical”.
This is their, Wordfence’s response (extract):
“We have tried to work with Tobias from TablePress to explain the inherent risks
of leaving such a vulnerability in his plugin, however, he disagrees on
responsibility pointing the blame of CSV software rather than providing a patch
in his plugin. At this point we have not been able to come to terms with the
developer. Since this vulnerability has a CVE, and we deem it as a security risk
based on industry standards, we will not be removing the vulnerability from our
vulnerability database which returns scan results. The plugin will show-up as
unpatched until the developer has patched the vulnerability.”I know you are currently working on TablePress Version 2.0, but if this version has a long lead time before being published, is it possible for you to patch this CVE vulnerability?
Thank you for all you work on this in the past.
Regards
Vera