Support » Plugin: HMS Testimonials » Multiple critical vulnerabilities found

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author Jeff K

    (@kreitje)

    Thanks.

    The form here sends it directly to me. If you want to send a “test”, I will respond as soon as possible. Same if you want to send what you found.

    http://hitmyserver.com/contact-us/

    Thread Starter Rogue Coder

    (@roguecoder)

    I will send another message through the contact-us form with all the content

    Plugin Author Jeff K

    (@kreitje)

    Thanks

    Thread Starter Rogue Coder

    (@roguecoder)

    Your contact form is flawed… I get this when trying to send.

    ——
    Forbidden

    You don’t have permission to access /contact/ on this server.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    ——-

    You want me to disclose it here? If not, give me somewhere else to send it. I don’t think you would like this to be public before it’s patched, to be honest.

    Plugin Author Jeff K

    (@kreitje)

    The contact form is fixed now. Make sure to refresh the page.

    Of course I don’t want you to release it to the public until I have fixed the issues.

    Thread Starter Rogue Coder

    (@roguecoder)

    Refreshed the page and still the same error

    Plugin Author Jeff K

    (@kreitje)

    Odd, I just tested it.

    Anyways:

    kreitje@ my domain

    Thread Starter Rogue Coder

    (@roguecoder)

    Roger.. I’ll send it there

    Plugin Author Jeff K

    (@kreitje)

    Thanks, I am pretty sure the security rules on the server are blocking what you stick in my comment form causing the 403.

    I have received your email.

    Thread Starter Rogue Coder

    (@roguecoder)

    Yeah might be.. That’s good

    Plugin Author Jeff K

    (@kreitje)

    An update has been pushed (version 2.0.11) securing these vulnerabilities.

    Thank you for sending these in along with proofs of concept.

    Jeff

    Thread Starter Rogue Coder

    (@roguecoder)

    You’re welcome. I will upgrade my version and test it as well.

    Thread Starter Rogue Coder

    (@roguecoder)

    I just wanted to stop by and say that I’ve tested 2.0.11 and the vulnerabilities are indeed secured 🙂

  • The topic ‘Multiple critical vulnerabilities found’ is closed to new replies.