Title: Vulnerabilities in the plugin
Last modified: August 22, 2016

---

# Vulnerabilities in the plugin

 *  Resolved [lilydart](https://wordpress.org/support/users/lilydart/)
 * (@lilydart)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/)
 * Hi
 * Sorry for the public message, but I couldn’t find an email address for you.
 * I work at a web development agency with a speciality in WordPress security (more
   information at [http://security.dxw.com](http://security.dxw.com)). We’ve found
   some vulnerabilities in the plugin, would you accept a patch for those issues
   from us?
 * We are interested in using the Pro version of your plugin but would need those
   issues to be patched before we could, due to the nature of our clients’ content.
 * Thanks
 * Lily
 * [https://wordpress.org/plugins/wp-symposium/](https://wordpress.org/plugins/wp-symposium/)

Viewing 13 replies - 1 through 13 (of 13 total)

 *  Plugin Author [Robert Dempsey](https://wordpress.org/support/users/robertd62/)
 * (@robertd62)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5852706)
 * Please go to [http://www.wpsymposiumpro.com/](http://www.wpsymposiumpro.com/)
   and we will gladly answer your question there. And that problem you asked about
   above has been fixed for quite a while now.
 *  Thread Starter [lilydart](https://wordpress.org/support/users/lilydart/)
 * (@lilydart)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5852708)
 * Hi Robert
 * Sorry, bit confused – can’t see any contact details on that page?
 * Are you the plugin author?
 * Thanks
 * Lily
 *  Plugin Author [Robert Dempsey](https://wordpress.org/support/users/robertd62/)
 * (@robertd62)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5852713)
 * I run the support department for PRO. There is a Private message area under Profile
   in the menu and you do need to join there. Joining is free.
   But as I said, that problem in WPS was already fixed a while back. Pro is a
   different plugin which is made the WP way.
 *  Thread Starter [lilydart](https://wordpress.org/support/users/lilydart/)
 * (@lilydart)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5852716)
 * Hi Robert
 * Really appreciate the quick responses.
 * However, I’m concerned about sending information about vulnerabilities through
   your system because of the vulnerabilities.
 * I would really appreciate if the registered plugin author could send me a message
   with an email address that I can report the vulnerabilities safely and responsibly
   through. It is possible that these issues have been resolved in the pro version,
   but there are quite a few in the free version, and just in case they are still
   in the pro version it would be best to report them securely.
 * Appreciate your help.
 * Thanks
 * Lily
 *  Plugin Author [Robert Dempsey](https://wordpress.org/support/users/robertd62/)
 * (@robertd62)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5852724)
 * Are you saying you have found a vulnerability in WPSymposium?
 *  Plugin Author [Robert Dempsey](https://wordpress.org/support/users/robertd62/)
 * (@robertd62)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5852729)
 * And if so, what version number are you talking about, please?
 *  [megamenu](https://wordpress.org/support/users/megamenu/)
 * (@megamenu)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853036)
 * Hi,
 * I don’t actually use this plugin, but I installed the “Redirect” plugin on my
   website. It logs all 404’s.
 * One of the logs was from someone trying to access “/wp-content/plugins/wp-symposium/server/php/index.php”
 * and another: “/wp-content/plugins/wp-symposium/server/php/bRQETihijSyNyD.php”
 * I thought I’d google it to see what the exploit is, and now I’m here.
 * Further googling found this: [http://www.exploit-db.com/exploits/35543/](http://www.exploit-db.com/exploits/35543/)
 * That’s it, maybe it’s fixed already but I can’t see a changelog, I just thought
   I’d let you know it’s being actively exploited so you can get a fix out (if you
   haven’t already).
 * Regards,
    Tom.
 *  Plugin Author [Robert Dempsey](https://wordpress.org/support/users/robertd62/)
 * (@robertd62)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853037)
 * That was fixed some time ago thanks
 *  [someone02](https://wordpress.org/support/users/someone02/)
 * (@someone02)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853045)
 * Someone constantly scans my website too
 * /wp-content/plugins/wp-symposium/readme.txt
 * If I understand correctly, they try to find sites where this plugin is already
   installed …
 * it is very confusing (((
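
An added example (not part of the thread and not the plugin's code): the requests reported by megamenu and someone02 above can be picked out of a web server access log and triaged by response status. The log lines are constructed, and treating a 404 as background scanning and any other status as needing review is an assumed triage rule.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in "combined" log format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2015:10:01:02 +0000] "GET /wp-content/plugins/wp-symposium/readme.txt HTTP/1.1" 404 512 "-" "-"
192.0.2.10 - - [12/Jan/2015:10:01:03 +0000] "GET /wp-content/plugins/wp-symposium/server/php/index.php HTTP/1.1" 404 512 "-" "-"
192.0.2.10 - - [12/Jan/2015:10:01:04 +0000] "GET /wp-content/plugins/wp-symposium/server/php/bRQETihijSyNyD.php HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [12/Jan/2015:11:00:00 +0000] "GET /wp-content/plugins/wp-symposium/server/php/index.php?x=1 HTTP/1.1" 200 20 "-" "-"
198.51.100.9 - - [12/Jan/2015:11:05:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 9001 "-" "-"
"""

# client IP, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r'^/wp-content/plugins/wp-symposium/(.*)$', re.I)

def classify(target):
    """Return a label for requests under the plugin directory, else None."""
    # Drop the query string, URL-decode, and collapse repeated slashes first,
    # so trivially obfuscated variants of the same path still match.
    path = re.sub(r'/+', '/', unquote(target.split('?', 1)[0]))
    m = PLUGIN_RE.match(path)
    if not m:
        return None
    rest = m.group(1).lower()
    if rest == 'readme.txt':
        return 'readme-fingerprint'      # checks whether the plugin is installed
    if rest == 'server/php/index.php':
        return 'server-php-index'        # first path reported in the thread
    if rest.startswith('server/php/') and rest.endswith('.php'):
        return 'server-php-other'        # e.g. a random-named .php file
    return 'other-plugin-path'

def scan(log_text):
    """Group plugin-path hits by client IP as (label, status, triage) tuples."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # skip lines that are not in combined format
        ip, _method, target, status = m.groups()
        label = classify(target)
        if label:
            # Assumed triage rule: 404 = background scanning, anything else = review.
            findings[ip].append((label, int(status), 'noise' if status == '404' else 'review'))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        for hit in hits:
            print(ip, *hit)
```
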
 *  Thread Starter [lilydart](https://wordpress.org/support/users/lilydart/)
 * (@lilydart)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853047)
 * Sorry for the delay in responding, I’ve been away.
 * Yes, we have definitely found a vulnerability. I’m not comfortable disclosing
   what that is here or on your website forums. The vulnerability is in version 
   15.1 from the plugin hosted on the codex.
 * Please can I have an email address to disclose the information about this vulnerability
   to? If I email security@wpsymposium.com will you receive it?
 *  Plugin Author [Robert Dempsey](https://wordpress.org/support/users/robertd62/)
 * (@robertd62)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853048)
 * Please send any and all info to simon@wpsymposium.com
   
   Thank you Robert
 *  Plugin Author [Simon Goodchild](https://wordpress.org/support/users/simongoodchild/)
 * (@simongoodchild)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853057)
 * Hi, I’m not sure if this is the same issue, but the vulnerability with upload
   types was fixed with a release. To confirm, the link above relates to a previous
   version. Therefore, as with all plugins, please ensure you are running the latest
   version. Thanks 🙂
 *  Plugin Author [Simon Goodchild](https://wordpress.org/support/users/simongoodchild/)
 * (@simongoodchild)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853058)
 * Of course, I should add, that any vulnerability issues can be sent in confidence
   to support@wpsymposium.com if preferred.


The topic ‘Vulnerabilities in the plugin’ is closed to new replies.


 * 13 replies
 * 5 participants
 * Last reply from: [Simon Goodchild](https://wordpress.org/support/users/simongoodchild/)
 * Last activity: [11 years, 1 month ago](https://wordpress.org/support/topic/vulnerabilities-in-the-plugin-3/#post-5853058)
 * Status: resolved