Awesome Support Plugin <= 6.3.4 – Sensitive Data Exposure Vulnerability

Resolved Erik Geurts
(@erikgeurtsplatformiqcom)

3 months ago

Our security scan revealed that your plugin has been marked as vulnerable for version 6.3.4 and below.

Please fix the issue as soon as possible and release the new version.

Viewing 5 replies - 1 through 5 (of 5 total)

Fernando Tellado
(@fernandot)

2 months, 3 weeks ago

Same here, link to the announce: https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-plugin-plugin-6-3-4-sensitive-data-exposure-vulnerability?_a_id=350

Plugin Author Jawad Ahmed
(@jawada)

1 month, 4 weeks ago

Hi @erikgeurtsplatformiqcom and @fernandot

Thank you for bringing this to our attention. We are already aware of the reported vulnerability and our development team is working on a fix with high priority.

We take security issues very seriously and will release an update as soon as the patch is ready and fully tested.

Best regards,

Thread Starter Erik Geurts
(@erikgeurtsplatformiqcom)

1 month, 4 weeks ago

One month is not high priority 🙁 . Kind of says enough about how seriously you take these things.

Plugin Author Jawad Ahmed
(@jawada)

1 month, 2 weeks ago

Hi @erikgeurtsplatformiqcom ,

We have addressed the vulnerability issue, and it has been fixed in the latest version of Awesome Support. Please update to the most recent release to ensure the issue is resolved.

If you run into any further problems, feel free to reply and we’ll be glad to help.

Best regards,

Thread Starter Erik Geurts
(@erikgeurtsplatformiqcom)

1 month, 2 weeks ago

The problem is that it took you 6 weeks to fix a security vulnerability, this is way too long. Security issues should be addressed in a matter of hours after they are disclosed, but in any event within at most a few days.

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.