<= 6.1.15 – Broken Access Control vulnerability

Resolved KoolKatDesign
(@koolkatdesign)

1 month, 1 week ago

I love this plugin but a fix has not been released for this vulnerability yet. Any ETA on a 6.1.16 update?

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Author Mitchell Bennis
(@eemitch)

1 month, 1 week ago

Hi,

6.1.16 was released two weeks ago, addressing this and a few other issues…

https://wordpress.org/plugins/simple-file-list/#developers

Mitch
Thread Starter KoolKatDesign
(@koolkatdesign)

1 month, 1 week ago
For some reason the 6.1.16 update was not showing up in my WP dashboard so I downloaded it from your link and updated it manually but I am now getting a <= 6.1.16 – Broken Access Control vulnerability warning error from Solid Security. I don’t think this update fixed the issue.
- This reply was modified 1 month, 1 week ago by KoolKatDesign.
Plugin Author Mitchell Bennis
(@eemitch)

1 month, 1 week ago

The issue is fixed. I’m unable to support Solid Security. Regardless, the issue was very minor and not much of a threat….

https://patchstack.com/database/wordpress/plugin/simple-file-list/vulnerability/wordpress-simple-file-list-plugin-6-1-15-broken-access-control-vulnerability
Thread Starter KoolKatDesign
(@koolkatdesign)

1 month, 1 week ago
Appreciate your help! I just wanted to make you aware that Solid Security is still detecting the vulnerability during site scan.

LMK if you’d like any additional details.
- This reply was modified 1 month, 1 week ago by KoolKatDesign.
Plugin Author Mitchell Bennis
(@eemitch)

1 month, 1 week ago

I did release 6.1.17 to address the Patchstack CVE

Unfortunately or fortunately, I believe we’ll be seeing more and more of this as bug hunters using AI pore over all the code they can get their hands on so they can get paid bounties by companies like Patchstack. Developers like my self are trying to get ahead by using our own AI, as well as the great tools that WordPress gives us, like PCP.

In the end we should end up with much better code.

Thread Starter KoolKatDesign
(@koolkatdesign)

1 month, 1 week ago

I get a clean scan now with the 6.1.17 update! Thx so much for such a great plugin and for all your quick support! 🙂

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.