Title: Security Vulnerability Last modified: August 30, 2016 --- # Security Vulnerability * Resolved [ethicalhack3r](https://wordpress.org/support/users/ethicalhack3r/) * (@ethicalhack3r) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/) * Hi, * Ryan from wpvulndb.com here. * We’ve had a report of a public vulnerability in the wp-swimteam plugin. I could not find your email address so I am making you aware of it here. * I have not verified this vulnerability. * The public report is here: [http://www.vapid.dhs.org/advisory.php?v=134](http://www.vapid.dhs.org/advisory.php?v=134) * Thanks, Ryan * [https://wordpress.org/plugins/wp-swimteam/](https://wordpress.org/plugins/wp-swimteam/) Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [Mike Walsh](https://wordpress.org/support/users/mpwalsh8/) * (@mpwalsh8) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292767) * You must not have looked very hard for my email address since it appears in the header of every file in the plugin. * I will take a look at this over he weekend. * Thread Starter [ethicalhack3r](https://wordpress.org/support/users/ethicalhack3r/) * (@ethicalhack3r) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292776) * I did not download the plugin. I checked your WordPress profile and your website. * You’re welcome by the way. >_> * Plugin Author [Mike Walsh](https://wordpress.org/support/users/mpwalsh8/) * (@mpwalsh8) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292805) * Don’t get me wrong, I appreciate the heads up and I will fix it. What I took issue with is the lack of attempt to contact me. I am pretty easy to find. * What is your affiliation with Vapid Labs? * I have attempted to replicate the vulnerability on my own site and I cannot as I don’t know the value to use for the ABSPATH argument. Without this value, the PHP simply fails. I suspose on some sites the value could be guessed but on many it won’t be easy to do so. * Plugin Author [Mike Walsh](https://wordpress.org/support/users/mpwalsh8/) * (@mpwalsh8) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292815) * [Fixed in v1.45-beta-3](http://michaelwalsh.org/blog/2015/07/wp-swimteam-v1-45-beta-3-now-available/) which will be released to production fairly soon. * [larry0](https://wordpress.org/support/users/larry0/) * (@larry0) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292839) * My sincere apologies Mike, the mail I attempted to send you was stuck on my mail relay do to a hardware failure. I’ve been conditioned to expect that most developers ignore or don’t respond to my emails. * Plugin Author [Mike Walsh](https://wordpress.org/support/users/mpwalsh8/) * (@mpwalsh8) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292937) * I have released v1.45 which addresses this security problem. * [larry0](https://wordpress.org/support/users/larry0/) * (@larry0) * [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292938) * Thanks Mike! Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Security Vulnerability’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wp-swimteam.svg) * [Swim Team](https://wordpress.org/plugins/wp-swimteam/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-swimteam/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-swimteam/) * [Active Topics](https://wordpress.org/support/plugin/wp-swimteam/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-swimteam/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-swimteam/reviews/) * 7 replies * 3 participants * Last reply from: [larry0](https://wordpress.org/support/users/larry0/) * Last activity: [10 years, 10 months ago](https://wordpress.org/support/topic/security-vulnerability-6/#post-6292938) * Status: resolved