Support » Plugin: Broken Link Checker – Find and Fix Dead Links » Is it true ManageWP is no longer supporting this plugin?

  • Resolved Peter La Fond

    (@myinternetscout)


    iThemes just sent out an advisory that this plugin is vulnerable to cross scripting attacks and ManageWP is no longer supporting the plugin.

    Is this true? and should all users uninstall it from websites?

    Thanks, Peter

Viewing 15 replies - 1 through 15 (of 16 total)
  • I’m not sure this is a false alarm. According to WP Vulnerability Database (here is the link) and the associated documentation within, ManageWP confirmed they were not activating the plugin or providing support in response to the vulnerability.

    Timeline
    2019-09-05 Identified the vulnerability
    2019-09-06 Contacted ManageWP
    2019-09-09 Contacted plugins@wordpress.org
    2019-09-10 Response by ManageWP requesting more details
    2019-09-11 Response by ManageWP that they are not actively maintaining the plugin and don’t provide support
    2019-09-20 CVE assigned
    2019-10-16 Public disclosure

    Honestly – even if the vulnerability is a false alarm, ManageWP’s response to the inquiry is enough to remove it from every site you have because it’s only a matter of time before there is a real problem that they aren’t going to resolve. Why wait until it’s too late?

    • This reply was modified 1 month, 1 week ago by cgscomputers. Reason: Ticking for email replies
    • This reply was modified 1 month ago by Jan Dembowski.
    • This reply was modified 1 month ago by Jan Dembowski.
    Moderator Marius L. J.

    (@clorith)

    Hiya,

    We’re looking into the matter, we had not been made aware of any potential issues with the plugin, and this is why there’s not been any action taken on our part here at WordPress.org.

    The plugins team has been informed of the topic, and are investigating.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    If you need support for this plugin then please start your own topic. I have archived the pile on replies.

    https://wordpress.org/support/forum-user-guide/faq/#i-have-the-same-problem-can-i-just-reply-to-someone-elses-post-with-me-too

    You can do so here.

    https://wordpress.org/support/plugin/broken-link-checker/#new-post

    • This reply was modified 1 month ago by Jan Dembowski. Reason: NUTS. Misread. Still, start your own topic please
    Emil1

    (@milouze)

    Hi, not informed ?

    1 week past with this topic : https://wordpress.org/support/topic/security-reflected-xss/

    Please be sincere tell us if you want more maintain this plugin.

    Thank you

    • This reply was modified 1 month ago by Emil1.
    wpgerd

    (@wpgerd)

    Looks like, they published another tool for their management plugin:
    https://managewp.com/blog/link-monitor-ea-release
    So they don’t need anymore Broken Link Checker. But here and on their website there is no official statement if they support this plugin no more ;-(

    hongpong

    (@hongpong)

    I’ve offered a couple times to manage the plugin this year, and tried to address major issues in the support forum this year, and run a fork with commits from the community that clean up some of the most frequent problems.

    I don’t think it makes sense to fork yet another officially registered plugin to further fragmentation, but in any case, you can try the plugin with the patches that some people and I have improved here: (download zip under green button, should drop in as a replacement).

    My request to manage this plugin under a community-focused approach stands!

    URL: https://github.com/HongPong/broken-link-checker

    christinahills

    (@christinahills)

    I really think there needs to be a “Plugins Code of Conduct” that when a company decides to abandon a plugin, that they notify the community and ask if someone wants to take over it.

    Thank you @hongpong for stepping up!

    I WISH ManageWp would reply here

    wpgerd

    (@wpgerd)

    I would appreciate it very much if hongpong and others manage this really helpful plugin with more than 700.000 Installations.

    Includes the version on github also a fix for the Authenticated Reflected Cross-Site Scripting (XSS)?

    thanks for your support!!

    hongpong

    (@hongpong)

    @wpgerd take a look at the commits listed on github, as well as the issue list. per the forum rules i think i can’t say here exactly how this has been resolved?

    I don’t know officially. But it seems something has already been decided about the plugin.

    Peter La Fond

    (@myinternetscout)

    @hongpong as you may have seen GoDaddy’s response on Twitter… a company rep said they’re in the process of turning over ownership of the plugin. That it’s just days away. I asked the GoDaddy rep to keep us users informed in this support thread. Hopefully, we’ll hear something soon. Cheers, Peter

    tazwordpress

    (@tazwordpress)

    Hey folks, let me re-iterate what my colleague Nemanja also disclosed on Twitter. We have been looking for some time for a team that has previous contributions, activity in the WordPress space, reputation and team size (a.k.a. willingness and resources) to properly maintain and invest into this plugin.
    We finally found a great team willing to do just that and we are in a final stages of the adoption process. We are hoping to wrap up everything and have an official announcement soon.

    P.S.
    Thanks for getting in touch with us Peter.

    Plugin Support Jorge – WPMU DEV Support

    (@wpmudev-support7)

    Hey there, everyone!

    We’re happy to announce that we have taken over the maintenance of this plugin, and we have released an update, so the security issue is now solved, feel free to update and report any new issues.

    We’re happy to help!

    Regards,

    Jorge – WPMU DEV

    Monique23

    (@monique23)

    Thank you Jorge!

    I am sure many many people will be very happy with your news.

    Best regards,
    Monique

    christinahills

    (@christinahills)

    Thank you Jorge!

    I’ll announce this to my WordPress students

    🙂 Christina

    Peter La Fond

    (@myinternetscout)

    @wpmudev-support7 Awesome! Thank you so much! Is it possible to get this plugin somehow on WPEngine’s approved plugin list? Right now, they won’t let users install it.

    Thank you. Peter

Viewing 15 replies - 1 through 15 (of 16 total)
  • You must be logged in to reply to this topic.