Title: Security issue – will it be fixed?? Last modified: June 5, 2023 --- # Security issue – will it be fixed?? * Resolved [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/) * Will you be issuing a fix for this vulnerability? * Constant Contact Forms plugin <= 1.14.0 – Broken Access Control vulnerability - This topic was modified 3 years ago by [caordawebsol](https://wordpress.org/support/users/caordawebsol/). Viewing 15 replies - 1 through 15 (of 33 total) 1 [2](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/2/?output_format=md) [3](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/3/?output_format=md) [→](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/2/?output_format=md) * Plugin Author [Constant Contact](https://wordpress.org/support/users/constantcontact/) * (@constantcontact) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16796048) * Can you provide where you’re seeing this report, or what tool you’re using to see this, so that we can get more information about reported issues and check on if our next release is going to already cover it or not? * Any extra information would be greatly appreciated. * Thread Starter [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16796058) * Patchstack is reporting it: [https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-1-14-0-broken-access-control-vulnerability?_a_id=431](https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-1-14-0-broken-access-control-vulnerability?_a_id=431) * Plugin Author [Constant Contact](https://wordpress.org/support/users/constantcontact/) * (@constantcontact) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16796106) * Thanks for the link, we’ll be reviewing it as soon as possible. * [PTaubman](https://wordpress.org/support/users/ptaubman/) * (@ptaubman) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16801897) * Checking in on this as well. Any ETA for an update that is not vulnerable? * Or, do you have another preferred solution that replaces this? * Thanks. * Plugin Author [Constant Contact](https://wordpress.org/support/users/constantcontact/) * (@constantcontact) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16801915) * We put the security related fix, pointed out with better detail for where from a review received this morning, in as part of the 2.0.0 major release that we pushed up to wordpress.org this afternoon. * Thread Starter [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16801937) * Thank you! * Thread Starter [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16801949) * When reconnecting using the code provided once logged into CC, the site throws a 500 error: * An error of type E_ERROR was caused in line 754 of the file XXX/wp-content/plugins/ constant-contact-forms/includes/class-lists.php. Error message: Uncaught Error: Cannot use object of type Ctct\Components\Contacts\ContactList as array in XXX/ wp-content/plugins/constant-contact-forms/includes/class-lists.php:754 * Plugin Author [Constant Contact](https://wordpress.org/support/users/constantcontact/) * (@constantcontact) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16801970) * Hi [@caordawebsol](https://wordpress.org/support/users/caordawebsol/) we are checking on that right now. Thank you for the information * Plugin Author [Constant Contact](https://wordpress.org/support/users/constantcontact/) * (@constantcontact) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16801999) * You can download version 2.0.1 via [https://downloads.wordpress.org/plugin/constant-contact-forms.2.0.1.zip](https://downloads.wordpress.org/plugin/constant-contact-forms.2.0.1.zip) and since you’re experiencing fatal errors, it’ll probably have to be a manual upload. * Our apologies about that necessary step, it was definitely not our intention. * Thread Starter [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16802015) * Thanks for addressing it so quickly – trying now. * Thread Starter [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16802018) * Working great now – thanks so much! * Thread Starter [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16802030) * Side note – show_title=false doesn’t seem to be working any more…. * [ctct form=”177″ show_title=”false”] * Plugin Author [Constant Contact](https://wordpress.org/support/users/constantcontact/) * (@constantcontact) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16802151) * [@caordawebsol](https://wordpress.org/support/users/caordawebsol/) Not managing to recreate that issue with the title. Can you attempt saving the page where the shortcode is at and see if that somehow clears up the issue? * Thread Starter [caordawebsol](https://wordpress.org/support/users/caordawebsol/) * (@caordawebsol) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/#post-16802156) * I’m now having issues syncing lists – once new code is copied over, it doesn’t“ see” the lists. Screen shows zero lists, even after clicking sync - This reply was modified 3 years ago by [caordawebsol](https://wordpress.org/support/users/caordawebsol/). * Plugin Author [Constant Contact](https://wordpress.org/support/users/constantcontact/) * (@constantcontact) * [3 years ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/2/#post-16802164) * Can you visit Settings > Support tab and enable the debugging setting? I’m curious if there’s already some logs in place in the debug log menu item that will show. If not, enable the debugging and re-try syncing the lists. Hopefully then something will show in the logs that we can use to troubleshoot. Viewing 15 replies - 1 through 15 (of 33 total) 1 [2](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/2/?output_format=md) [3](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/3/?output_format=md) [→](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/2/?output_format=md) The topic ‘Security issue – will it be fixed??’ is closed to new replies. * ![](https://ps.w.org/constant-contact-forms/assets/icon-256x256.png?rev=2951825) * [Constant Contact Forms](https://wordpress.org/plugins/constant-contact-forms/) * [Frequently Asked Questions](https://wordpress.org/plugins/constant-contact-forms/#faq) * [Support Threads](https://wordpress.org/support/plugin/constant-contact-forms/) * [Active Topics](https://wordpress.org/support/plugin/constant-contact-forms/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/constant-contact-forms/unresolved/) * [Reviews](https://wordpress.org/support/plugin/constant-contact-forms/reviews/) * 38 replies * 6 participants * Last reply from: [dking64](https://wordpress.org/support/users/dking64/) * Last activity: [2 years, 11 months ago](https://wordpress.org/support/topic/security-issue-will-it-be-fixed/page/3/#post-16860922) * Status: resolved