Vaultpress says this plugin has a vulnerability

Resolved jmckiernan86
(@jmckiernan86)

10 years, 10 months ago

The exact message is:

“The plugin WordPress Related Posts (version 2.7.1) has a publicly known vulnerability. It is recommended to deactivate and remove this plugin”

will this be addressed soon? because I like the plugin and i’d like to reactivate it ASAP

Thanks

http://wordpress.org/extend/plugins/wordpress-23-related-posts-plugin/

Viewing 6 replies - 1 through 6 (of 6 total)

silvoslaf
(@silvoslaf)

10 years, 10 months ago

Hm, well, this is definitely not right. We are contacting them for more details ASAP!

Thanks for bringing this up to us!

Best,
Silvo

silvoslaf
(@silvoslaf)

10 years, 10 months ago

Hey!

Here’s the official response from Vaultpress we received a couple of days ago:

I searched for the the quote that appears on that forum thread on our website (vaultpress.com), and we did not publish that text. I also did not find that text in any of our support emails.

If you have issues with that forum thread, I think it’s best to speak with someone from WordPress.org.

Where did you spot that message? Let me know, so we can act accordingly in order to avoid any future misconceptions.

Thanks again & I’m looking forward to your reply!

Best,
Silvo

Chris Rudzki
(@chrisrudzki)

10 years, 10 months ago

Hey,

Just to clarify – we always recommend that users run the latest versions of their plugins and themes, and naturally, WordPress itself.

In this case, it appears that our security scanner identified an older version of WordPress Related Posts running on a VaultPress user’s site. According to the following advisory, the older version has a security vulnerability:

http://secunia.com/advisories/53279/

The security notification identified 2.7.1 as the vulnerable version, but this was a typo. The vulnerable version is 2.6.1, and we’ve since updated our messaging to reflect this.

I hope this helps – thanks for bringing this to our attention!

-Chris from VaultPress

silvoslaf
(@silvoslaf)

10 years, 10 months ago

Hey Chris, big thanks for your update on this!

Yeah, we had some issues with the older version of our plugin, but we resolved it almost immediately together with the WordPress’s team, so that it doesn’t violate any TOS on their (or our) side.

Rest assured that all versions of our plugin are now completely safe to use.

Feel free to contact me at anytime if something is not absolutely clear — I’m here to help!

Take care!

Best,
Silvo

Chris Rudzki
(@chrisrudzki)

10 years, 10 months ago

You’re very welcome, Silvo. I’m glad we could get this sorted out. 🙂

Thread Starter jmckiernan86
(@jmckiernan86)

10 years, 10 months ago

Chris, thanks for updating, however it still says “1 security threat” on the top admin bar of WordPress. The only difference is it now shows that 2.6.1 is the vulnerable version when you click on the notification. I realize that 2.7 version of plugin is safe but you guys may want to update that also. I already tried deactivating the plugin then reactivating and the message still shows.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Vaultpress says this plugin has a vulnerability’ is closed to new replies.