Is 2.0.0+ secure? | WordPress.org

Resolved redearthdesign
(@redearthdesign)

8 years, 10 months ago

Hi, I’ve received a notification from WPScan Vulnerability Database stating that this plugin is not secure, and was not patched in 2.0.0 despite what the advisories it links to say.

Could you clarify and confirm that the issue has been resolved, either in 2.0.0 or in a later version?

This is the link to their note:
https://wpvulndb.com/vulnerabilities/8814

Thank you!
Alisa

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author gm_alex
(@gm_alex)

8 years, 10 months ago

2.0.0 and above escapes all inputs. So there is no issue anymore since 2.0.0. Feel free to check the code at github by yourself.

Thread Starter redearthdesign
(@redearthdesign)

8 years, 10 months ago

Ok! Thanks for your prompt reply & confirmation.

Plugin Author gm_alex
(@gm_alex)

8 years, 10 months ago

I wasn’t right, sorry. I changed something for testing at my dev db so I didn’t see it. Please update to 2.0.9, there the issue is fixed. See https://github.com/GM-Alex/user-access-manager/issues/76 for more details.

Thread Starter redearthdesign
(@redearthdesign)

8 years, 10 months ago

Thank you very much!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Is 2.0.0+ secure?’ is closed to new replies.

4 replies
2 participants
Last reply from: redearthdesign
Last activity: 8 years, 10 months ago
Status: resolved