Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author adamskaat

    (@adamskaat)

    Dear @lmverberne,

    Thank you for connecting us.
    Could you please give more details, such as the file and lines where you found the issue?
    You have mentioned <= 2.3.2, but our plugin’s latest version is 2.4.7.

    Do those issues exist in our latest version?

    Thread Starter lmverberne

    (@lmverberne)

    My WordPress.org website is fully up to date. Countdown version 2.4.8. I have Jetpack Protect running to monitor any vulnerabilities. I know there’s a difference between the Countdown version 2.4.8 and the title of the messages, but this is the only information I got. With regard to Countdown, it shows two issues:
    Countdown & Clock <= 2.3.2 – Admin+ Stored Cross-Site Scripting
    The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. See more technical details of this threat.
    Countdown & Clock <= 2.3.2 – Pro Features Lock Bypass
    The plugin does not properly lock its Pro features which could allow high privilege users such as admin to bypass the restriction and use them. See more technical details of this threat.

    I hope this helps.

    Lucas

    Plugin Author adamskaat

    (@adamskaat)

    Dear @lmverberne,

    I don’t know why it’s showing old version issues, but in my opinion, we currently don’t have issues like that.

    Thanks a lot. If you have any suggestions or questions, please write in a new thread.

  • The topic ‘Security issues’ is closed to new replies.