• Resolved alexDx

    (@alexdx)


    We are getting a critical message on all our sites that the a3 lazy load plugin has a security vulnerability. Can you please advise if there is a planned update for this? Otherwise I will be removing this plugin from 260 of my websites.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Steve Truman

    (@a3rev)

    Hello @alexdx

    Thank you for your report – please go to our website https://a3rev.com/contact-us-page/ and send me an email with the details of what you are seeing.

    In the email please send the details of what you have found.

    We need to know what the vulnerability is, how we might reproduce it and a site you are seeing the issue on.

    Please don’t post any of those details on here so we have the time to resolve the issue and put out a patched version if indeed it is not a false positive.

    Thank you
    Steve

    I’m getting the same vulnerability message. Mine is from the WordFence Security plugin. It may or may not be a false positive. I will also send an email to the contact page you listed above. Thanks.

    Plugin Author Steve Truman

    (@a3rev)

    Hello @wpkevin12,

    Thank you – we have been able to get the same vulnerability message from running a Wordfence scan – it is for a ‘known’ vulnerability which is news to me. I have emailed Wordfence support to report the issue and ask them what it is about.

    We are putting a new version 2.6.1 out that has a very low-level vulnerability patch that we were aware of in the plugin framework and guessing that is what is causing the issue.

    As soon as it is out we will test and see if that is it while we wait to hear from Wordfence.

    I’ll keep you and @alexdx updated on here.

    Thank you
    Steve

    Plugin Author Steve Truman

    (@a3rev)

    @wpkevin12 @alexdx,

    Ok so we have put out version 2.6.1 with what we thought may have been triggering the Wordfence Vulnerability scan report – but no it was not that.

    I am sorry – we just have to wait now for Wordfence to actually inform us of why they are returning that. There is no vulnerability that we are aware of at this stage. If we did know we would fix it. I mean we are Wordfence Premium customers and run Wordfence and a3 Lazy Load on our own and all of our customer sites, so I’m just as keen as anyone to get to the bottom of this.

    I am tagging the Wordfence team here, to try and get some help because I cannot get a response from them via email and I am locked out of my Wordfence account after doing just 2 login attempts and a password reset and attempting to log in with the new password.

    @mmaunder, @mbarry, @wfryan, @wfmattr

    Thank you
    Steve

    Thanks for the fast response!

    @a3rev: Sorry for the trouble — we got your message overnight for most of our team. We’ll be back in touch via email.

    -Matt R

    Plugin Author Steve Truman

    (@a3rev)

    Hello @alexdx @wpkevin12

    I have been contacted by the Wordfence team. Please upgrade to the Wordfence version 7.7.1 and you will see that a3 Lazy Load no longer appears as a vulnerability in the scan results.

    Thank you to the Wordfence team for quickly resolving the issue. @wfmattr

    Steve

    Thanks again, Steve!

    I have to say, your incredibly rapid and consistent responses are impressive and appreciated!

    I actually just wrote a 5 star review about you and your plugin, and invite anyone else that feels the same to do the same here: https://wordpress.org/support/plugin/a3-lazy-load/reviews/

    Thread Starter alexDx

    (@alexdx)

    Thank you @a3rev & @wfmattr!

    Plugin Author Steve Truman

    (@a3rev)

    Hi @alexdx @wpkevin12

    Thank you both for the 5-star reviews and recommendations. Pleased we were able to get the issue quickly sorted out.

    Steve

  • The topic ‘Security Vulnerablity’ is closed to new replies.