Security issue?

Resolved

(@alhbin)

I got the below from my hosting provider Pressidium. Can you verify if this is accurate and a update is in progress??

Thanks!

We would like to inform you that our security scans have detected an active vulnerable plugin, found on your install.

The plugin in question is duplicate-page (you have version 4.4.1 installed) and according to our internal security database this plugin has been reported as vulnerable until version 4.4.1. Your version of duplicate-page is affected by the following vulnerability "wp-upload-restriction - WordPress Duplicate Page <= 4.4.1 - HTML Injection Vulnerability". To learn more about this vulnerability please visit the following link.

The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Support duplicatepagesupport
(@duplicatepagesupport)

2 years, 7 months ago

Hi @alhbin

Thank you for highlighting your concern. We really apologize for the inconvenience.

We take security very seriously and apologize to our community for any inconvenience or issues that have been caused.

We have checked this at our end and didn’t find any security-related concerns within our plugin. However, to remove any kind of possibility of threats, we have run the sanitization and updated the code.

We have released the 4.4.2 version of the plugin which is now available, please update the plugin to be assured you will not face any further security-related issues.

Regards,

caordawebsol
(@caordawebsol)

2 years, 7 months ago

Apparently this update is insufficient:
https://wpscan.com/vulnerability/9ebdd1df-1d6f-4399-8b0f-77a79f841464

Thread Starter Anders Alhbin
(@alhbin)

2 years, 7 months ago

Yes, as above user mention, still considered insecure…

duhblow7
(@duhblow7)

2 years, 7 months ago

Do you have a link for iThemes Security? WPScan show it’s fixed.

https://wpscan.com/vulnerability/9ebdd1df-1d6f-4399-8b0f-77a79f841464

Plugin Support duplicatepagesupport
(@duplicatepagesupport)

2 years, 7 months ago

Hi @alhbin

Thanks for highlighting the issue.

We did some security testing by the steps shared by you, we have only found some HTML tags issues, we have fixed all known issues and released version 4.4.3.

We would request you please update and let us know if you still have any issues.

Regards,

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Security issue?’ is closed to new replies.