• Hello,

    Why has the plugin “Accelerated Mobile Pages” been removed from wordpress.org? Is it a failure?

    Chekkki

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Contributor ampforwp

    (@ampforwp)

    We understand your concern and regret the inconvenience. Actually, the plugin has not been removed completely from WordPress; instead, we are working on the security feature, which would be a major update for our plugin.
    You would be able to see our plugin back again within 3-5 working days, and everything will be working perfectly with the addition of more security than before.
    Hence, we request you to please cooperate for these 3-5 days.

    Plugin Contributor ampforwp

    (@ampforwp)

    Hi @chekki,

    We are working really hard to fix them and get back as soon as possible.

    Could you please elaborate more on how serious the vulnerability is?

    Plugin Contributor ampforwp

    (@ampforwp)

    Hi @chekki,

    There were some minor security features that we need to integrate into our plugin, so hopefully it will be up and running in a couple of days.

    Plugin Contributor ampforwp

    (@ampforwp)

    Hi @szmigieldesign,

    No serious issues, to be honest. There are just small changes we need to make, and our lead developers are already working on it, and it will be available in a few days.

    Pretty scary stuff. Hey, @ampforwp, would you care to elaborate on @adpawl’s findings?

    Plugin Contributor ampforwp

    (@ampforwp)

    Hi @adpawl,

    I too believe that there were some security issues related to our plugin, and to be honest we work really hard to solve the users, and if only one user requests us to build a feature, we don’t ignore it thinking that it’s only one user requesting out of 150,000+ users and neglect them, but we do try our best to add that feature for that user.

    And maybe because of a lot of features we missed these few security issues, BUT our lead developers have already fixed them and now they are testing it, and today we are going to send it for review again, and hopefully you will see our AMP plugin on wordpress.org very soon.

    @ampforwp, while it’s understandable that more features lead to more difficulties in keeping the plugin secure, some vulnerabilities found by sybrew are anything but minor.

    To quote the link provided by @adpawl:

    I’ve found various exploitable points in a twenty-minute scan; these exploits notoriously include file injections, backdoor file downloading (including wp-config.php), DDoS vulnerability, database upgrading, options- and post-metadata overwriting, bandwidth exploitation (full WP media-library downloads), and unfiltered WordPress post injections.

    All these exploits do not require any administrative privileges.

    Aside from this, they embed the Redux framework, but they’re not keeping it fully up-to-date. I didn’t bother scanning this thoroughly, but you can also adjust a few site options in there.

    This is very serious, and I believe that you, as a developer, should provide an honest and deep explanation and issue a warning to all users, asking them to update the plugin ASAP and cease to use unsecured versions.

    It’s beyond my comprehension why, under such circumstances, you wrote:

    No serious issues, to be honest

    Plugin Contributor ampforwp

    (@ampforwp)

    Hi @szmigieldesign,

    As a developer, I don’t think it’s serious and the users need to worry about that at all because we have already fixed them and our lead developers are making sure that it is fixed in the right way. I do believe that we didn’t notice this security, but we didn’t stop after the plugin was closed; we keep on making our plugin as secure as possible, and you will see our AMPforWP plugin live very soon.

    Be patient and understanding. Life is too short to be vengeful or malicious.

    Plugin Author Ahmed Kaludi

    (@ahmedkaludi)

    Hi @szmigieldesign

    This is Ahmed, Lead developer of the AMPforWP.

    I totally agree that it’s a very serious issue and we are taking necessary measures to solve them.

    It should be solved by today, and we are going to submit it for the review.

    Once it’s released, we will give an honest and deep explanation of this situation and what steps we are taking to make it future-proof.

    I am extremely sorry for the inconvenience that this is causing to the users.

    Sorry, I am a bit confused now. One of the developers says it is not serious. The lead developer calls it serious. How serious is this issue finally?

    As a developer, I don’t think it’s serious and the users need to worry about that at all because we have already fixed them and our lead developers are making sure that it is fixed in the right way.

    I totally agree that it’s a very serious issue and we are taking necessary measures to solve them.

    Plugin Contributor ampforwp

    (@ampforwp)

    Hi @schmidt25,

    It was a serious issue, but we have already fixed it and also submitted it for review, and hopefully it will be live in a couple of days.

  • The topic ‘The Plugin “Accelerated Mobile Pages” has been removed from wordpress.org’ is closed to new replies.