Fix for vulnerability?

10bradders10
(@10bradders10)

2 months, 1 week ago

Any fix for the vulnerability? – YARPP – Yet Another Related Posts Plugin <= 5.30.1 – Contributor+ Stored XSS

Viewing 15 replies - 1 through 15 (of 15 total)

yikesinc
(@yikesinc)

2 months, 1 week ago

We would like to know too. https://wpscan.com/vulnerability/c6cf792b-054c-4d77-bcae-3b700f42130b

Thank you.

Five5star
(@five5star)

2 months, 1 week ago

Same issue detected on my sites using YARPP

i contacted YARPP (twitter, etc,…) but didnt get any answer to a fix !

?????

Plugin Author yarpp
(@jeffparker)

2 months, 1 week ago

It’s a very minor issue in our opinion – extremely unlikely to be an issue as only a user with high privilege, like an admin, could “exploit” it… very unlikely… 🤨</img> regardless a “fix” should be out this week and good hygiene in any case.

Five5star
(@five5star)

2 months, 1 week ago

Great then ! Thanks

Waiting for the update with the fix then.

Thread Starter 10bradders10
(@10bradders10)

2 months, 1 week ago

Thanks! Looking forward to the update.

yikesinc
(@yikesinc)

2 months ago

Thank you for the update!

bobmcphe
(@bobmcphe)

2 months ago

I just want to throw our hat in the ring here, as well. My company is about to launch a new website with the plugin, so we would be grateful to see the patch as well. Thank you for the work y’all do.

Plugin Author yarpp
(@jeffparker)

2 months ago

Hi all, the update is live – https://wordpress.org/plugins/yet-another-related-posts-plugin/#developers

The wpscan report should hopefully update soon.

sincewelastspoke
(@sincewelastspoke)

2 months ago

@yarpp Thanks for the swift update 🙂

Five5star
(@five5star)

2 months ago

great

Five5star
(@five5star)

1 month, 4 weeks ago

Still detected as vulnerable

Thread Starter 10bradders10
(@10bradders10)

1 month, 4 weeks ago

Same here @five5star – Still detected as vulnerable
metricmedia
(@metricmedia)

1 month, 3 weeks ago
Yes – here’s iThemes Security’s report, last updated 1/30:

https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuTWlmamxoMFZicHNtZUk0dmlTOW5sRWpPNjIySk9PY2JRRTdXTGZVanVNTURoSnlxZllaYnV2akZFRk5GQ0VsVy04eEZFaUJfbnprbENvZGdKUC1YSHhVbDlnYUNxQkpHRzFKOEotY2Z4Q2hSTndfVkRoMmJfaVFiWGhOVkc0N2N2X21BNFRlZWJCLXE3OEJwQkk0OTFkSkxXWnowakE0LV8yY1RJdW5pdWd1XzFpdEoxbjdWUHRsanA5ajRUV211V1F4M3lucXQtZGpoM2gxSHFNYThubXEyNlVsWjJKcWhjc3lZeElSbWxHZHp2YUVhZnZPN1FTcDVUUGJQZVBnenFYYXItYy1GUjNoVXlieWlrVUpvZThRX3pqQm5Lek8wdlZjeXJIbFBzbmdNby1qa00wTFZHdkpJMENoYkxTOXAyTmp0eWh5eW1nMF96aDNXLUU2UFpmbFBYcXB5S2V1YXp0c3JCcDJVbUVzVlptY3lWWHFLTHZjRU9OOFE3LUtyVk1HYVVxd2NOTml5VkxTeXd3bTYtYWNVdVh3
- This reply was modified 1 month, 3 weeks ago by metricmedia.
xeinar
(@xeinar)

1 month, 2 weeks ago

Any chance to have the vulnerability fixed soon? I’m afraid that to be on the safe side we’ll have to disable the plugin or worse switch to other alternatives.

Thread Starter 10bradders10
(@10bradders10)

1 month, 1 week ago

Any update on this @jeffparker, please?

Viewing 15 replies - 1 through 15 (of 15 total)

You must be logged in to reply to this topic.

Views