• kristynakadlecova

    (@kristynakadlecova)


    Hi there,
    In version 2.4.27 of a free plugin version of 3DearFlip app our Patchstack monitoring service revealed a vulnerability:
    Broken Access Control
    A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action.

    Can you fix that, please?
    Thanks in advance

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Deepak Ghimire

    (@deip)

    Hi,

    We are working on it with the PatchStack team and the reporter to solve the issue.

    It involves only private flipbooks, if you create any. Normally that is not the use case in our experience. But even though it is an edge case, it will be handled. If you do not set your flipbooks to private and set them as public, there is no issue.

    The complication is from the password-protected case; we do not need nor want it, but the custom post adds it anyway and the testing team wants it handled. We are thinking to just show an info that password-protected flipbook posts are not supported.

    Best Regards,
    Deepak

    charactercreates

    (@charactercreates)

    Hi, I have a vulnerability showing on my update tool. I am at the latest version of the plugin 2.4.28.

    Can you advise if there is another patch due out please?

    Plugin Author Deepak Ghimire

    (@deip)

    We have released a patch, 2.4.30.
    It was approved by PatchStack yesterday and should be announced by today.
