Plugin Author
Jeff K
(@kreitje)
Thanks.
The form here sends it directly to me. If you want to send a “test”, I will respond as soon as possible; the same goes if you want to send what you found.
http://hitmyserver.com/contact-us/
I will send another message through the contact-us form with all the content
Your contact form is flawed… I get this when trying to send.
-----
Forbidden
You don’t have permission to access /contact/ on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
-----
You want me to disclose it here? If not, give me somewhere else to send it. I don’t think you would like this to be public before it’s patched, to be honest.
Plugin Author
Jeff K
(@kreitje)
The contact form is fixed now. Make sure to refresh the page.
Of course I don’t want you to release it to the public until I have fixed the issues.
Refreshed the page and still the same error
Roger.. I’ll send it there
Plugin Author
Jeff K
(@kreitje)
Thanks. I am pretty sure the security rules on the server are blocking what you stick in my comment form, causing the 403.
I have received your email.
Yeah might be.. That’s good
Plugin Author
Jeff K
(@kreitje)
An update has been pushed (version 2.0.11) securing these vulnerabilities.
Thank you for sending these in along with proofs of concept.
Jeff
You’re welcome. I will upgrade my version and test it as well.
I just wanted to stop by and say that I’ve tested 2.0.11 and the vulnerabilities are indeed secured 🙂