Vulnerable on Current Version – 2.4.1

Resolved Peter
(@onjomax)

3 weeks ago

Hi Support,

I am reaching out to report a vulnerability on the current version of this plugin “WordPress WP Job Manager Plugin <= 2.4.1 is vulnerable to Broken Access Control” see link below for more details.

https://patchstack.com/database/wordpress/plugin/wp-job-manager/vulnerability/wordpress-wp-job-manager-plugin-2-4-1-broken-access-control-vulnerability

Could you please let us know when this can be fixed.

Thanks,

The page I need help with: [log in to see the link]

Viewing 12 replies - 1 through 12 (of 12 total)

Plugin Author Stephane Daury (stephdau)
(@stephdau)

3 weeks ago

Hi there, @onjomax

There was a miscommunication by the Patchstack author. The issue is actually fixed in 2.4.1; but we had not specifically mentioned it in the readme. I guess they didn’t check the code. 🤭

Thread Starter Peter
(@onjomax)

2 weeks ago

Hi @stephdau have you been able to hear back from patchstack?

emgb_520
(@emgb_520)

2 weeks ago

Hi – Is there any sort of ETA on when this plugin will no longer be flagged by Wordfence? I am not able to finish up what I am working on until it’s no longer flagged. Thank you!

Plugin Author Donncha O Caoimh (a11n)
(@donncha)

1 week, 5 days ago

I contacted Patchstack last week about this to tell them it’s an error but I haven’t heard back from them yet. Once they update their site Wordfence will do too.

p6rand
(@p6rand)

1 week, 5 days ago

Hey there!
Sander from Patchstack here — this got actually marked as patched a few moments ago:

https://patchstack.com/database/WordPress/Plugin/wp-job-manager/vulnerability/wordpress-wp-job-manager-plugin-2-4-0-broken-access-control-vulnerability

Plugin Author Donncha O Caoimh (a11n)
(@donncha)

1 week, 5 days ago

Thanks Sander! Glad that’s sorted out.

Donncha.

emgb_520
(@emgb_520)

1 week, 4 days ago

This is still showing up in the Wordfence scan as a security vulnerability.

Please help.

Thread Starter Peter
(@onjomax)

1 week, 4 days ago

@donncha Thank you all sorted from my side too.

emgb_520
(@emgb_520)

5 days, 18 hours ago

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-job-manager/job-manager-241-missing-authorization

emgb_520
(@emgb_520)

5 days, 13 hours ago

Why was my first comment not approved? This plugin is still being flagged. Can someone fix that, please?
Plugin Author Donncha O Caoimh (a11n)
(@donncha)

5 days, 10 hours ago
@emgb_520 your first comment was probably flagged because you left only a link. I’ve contacted Wordfence to ask them to remove that report. Just waiting on them to update their website.
- This reply was modified 5 days, 10 hours ago by Donncha O Caoimh (a11n).
emgb_520
(@emgb_520)

18 hours, 49 minutes ago

Great – could you please update this thread when it’s been updated? Thank you!

Viewing 12 replies - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.