WFRM IT Staff
Forum Replies Created
Could you contact Patch Stack for details about the vulnerability and fix it asap?
In the opposite case we must remove it.
Regards.

Forum: Plugins
In reply to: [JW Player for WordPress] Vulnerability found in version 2.3.6

Hi, do you have any feedback or a plan to release the new fixed version?
Thanks in advance for your cooperation.
Regards.

Please check with PatchStack to get info about fixing this security issue:
https://patchstack.com/database/wordpress/plugin/fsm-custom-featured-image-caption/vulnerability/wordpress-fsm-custom-featured-image-caption-plugin-1-25-1-cross-site-scripting-xss-vulnerability
Regards.

Forum: Plugins
In reply to: [WP Ultimate Review] Vulnerability found in version 2.3.9

Please let us know if there is any news.
Thanks.

Forum: Plugins
In reply to: [JW Player for WordPress] Vulnerability found in version 2.3.6

Thanks for the prompt response.
Patchstack is still reporting the issue and various security tools are also reporting it:

#WordPress JW Player for WordPress plugin <= 2.3.7 – Broken Access Control vulnerability
-Vulnerability type: Broken Access Control
-No Update Available

Could you kindly double check?
Thanks.

Any news or roadmap from plugin developers? The issue is reported from PatchStack.
Regards.

Dear Experts, do you have any news or a roadmap to fix this security issue?
Thanks.

Dear experts, unfortunately, the vulnerability report persists even after the upgrade:

WordPress Royal Elementor Addons plugin <= 1.7.1051 – Other Vulnerability Type vulnerability
-Vulnerability type: Other Vulnerability Type

You should investigate with Patch Stack.

The problem is not fixed with version 4.19.1

CVSS Score 3.8
WordPress Real 3D FlipBook plugin <= 4.19.1 – Broken Access Control vulnerability
-Vulnerability type: Broken Access Control
-No Update Available

Please investigate it and clarify it with PatchStack.
Regards.

Same issue.
Could you kindly check and release a security update asap?
Regards.

Forum: Plugins
In reply to: [Accept Donations with PayPal & Stripe] Open Redirection vulnerability

Thanks for your feedback, could you kindly report this to patchstack? In the opposite case some security plugin will report your plugin as vulnerable.
Thanks in advance for your cooperation.

Forum: Plugins
In reply to: [Accept Donations with PayPal & Stripe] Open Redirection vulnerability

Hi, based on patch stack the version 1.5.2 is still affected. Could you kindly double check?
https://patchstack.com/database/wordpress/plugin/easy-paypal-donation/vulnerabilities

CVSS Score 4.7
#WordPress Accept Donations with PayPal plugin <= 1.5.2 – Open Redirection vulnerability
-Vulnerability type: Open Redirection
-No Update Available

Thanks in advance for your cooperation.

Similar error with PHP 8.3:
Fatal error: Uncaught TypeError: implode(): Argument #2 ($array) must be of type ?array, string given in /var/www/html/web/wp-content/plugins/facebook-pagelike-widget_/fb_class.php:42
Stack trace:
#0 /var/www/html/web/wp-content/plugins/facebook-pagelike-widget_/fb_class.php(42): implode()
#1 /var/www/html/web/wp-includes/class-wp-widget.php(394): facebook_widget->widget()
#2 /var/www/html/web/wp-includes/widgets.php(845): WP_Widget->display_callback()
#3 /var/www/html/web/wp-content/plugins/js_composer/include/templates/shortcodes/vc_widget_sidebar.php(27): dynamic_sidebar()
#4 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(457): require(‘/var/www/html/d…’)
#5 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(430): WPBakeryShortCode->loadTemplate()
#6 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(552): WPBakeryShortCode->content()
#7 /var/www/html/web/wp-content/plugins/js_composer/include/helpers/helpers.php(1371): WPBakeryShortCode->output()
#8 /var/www/html/web/wp-includes/shortcodes.php(434): vc_do_shortcode()
#9 [internal function]: do_shortcode_tag()
#10 /var/www/html/web/wp-includes/shortcodes.php(273): preg_replace_callback()
#11 /var/www/html/web/wp-content/plugins/js_composer/include/helpers/helpers.php(318): do_shortcode()
#12 /var/www/html/web/wp-content/plugins/js_composer/include/templates/shortcodes/vc_column.php(94): wpb_js_remove_wpautop()
#13 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(457): require(‘/var/www/html/d…’)
#14 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(430): WPBakeryShortCode->loadTemplate()
#15 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(552): WPBakeryShortCode->content()
#16 /var/www/html/web/wp-content/plugins/js_composer/include/helpers/helpers.php(1371): WPBakeryShortCode->output()
#17 /var/www/html/web/wp-includes/shortcodes.php(434): vc_do_shortcode()
#18 [internal function]: do_shortcode_tag()
#19 /var/www/html/web/wp-includes/shortcodes.php(273): preg_replace_callback()
#20 /var/www/html/web/wp-content/plugins/js_composer/include/helpers/helpers.php(318): do_shortcode()
#21 /var/www/html/web/wp-content/themes/onair2/vc_templates/vc_row.php(187): wpb_js_remove_wpautop()
#22 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(457): require(‘/var/www/html/d…’)
#23 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/vc-row.php(40): WPBakeryShortCode->loadTemplate()
#24 /var/www/html/web/wp-content/plugins/js_composer/include/classes/shortcodes/core/class-wpbakeryshortcode.php(552): WPBakeryShortCode_Vc_Row->content()
#25 /var/www/html/web/wp-content/plugins/js_composer/include/helpers/helpers.php(1371): WPBakeryShortCode->output()
#26 /var/www/html/web/wp-includes/shortcodes.php(434): vc_do_shortcode()
#27 [internal function]: do_shortcode_tag()
#28 /var/www/html/web/wp-includes/shortcodes.php(273): preg_replace_callback()
#29 /var/www/html/web/wp-includes/class-wp-hook.php(324): do_shortcode()
#30 /var/www/html/web/wp-includes/plugin.php(205): WP_Hook->apply_filters()
#31 /var/www/html/web/wp-includes/post-template.php(256): apply_filters()
#32 /var/www/html/web/wp-content/themes/onair2/page-fullwidth.php(38): the_content()
#33 /var/www/html/web/wp-includes/template-loader.php(106): include(‘/var/www/html/d…’)
#34 /var/www/html/web/wp-blog-header.php(19): require_once(‘/var/www/html/d…’)
#35 /var/www/html/web/index.php(17): require(‘/var/www/html/d…’)
#36 {main}
thrown in /var/www/html/web/wp-content/plugins/facebook-pagelike-widget_/fb_class.php on line 42

Forum: Plugins
In reply to: [WP YouTube Live] CSRF Security Vulnerability

Hi, any news about the security issue reported by Patchstack at https://patchstack.com/database/wordpress/plugin/wp-youtube-live/vulnerability/wordpress-wp-youtube-live-plugin-1-10-0-cross-site-request-forgery-csrf-vulnerability ?
The issue was originally reported by “Mika” https://patchstack.com/database/researcher/5ade6efe-f495-4836-906d-3de30c24edad, maybe you can contact him to get more details.
Or you can try to contact Darius Sveikauskas (Patchstack):
https://ww.wp.xz.cn/support/users/darius_fx/
Thanks in advance for your cooperation.

Unfortunately, it seems that the security issue is still present even with version 11.13.8.
Could you please double-check?
Thank you very much for your cooperation.