vulnerable to unauthorized access

  • Resolved Md. javed

    (@mdjaved15)


    3 weeks ago

    I got this message from Wordfence, I just want to update.
    The Ultimate Member plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.11.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Yurii

    (@yuriinalivaiko)

    3 weeks ago

    Hello @mdjaved15

    This is not vulnerability from the UM. It was added by accident. We are communicating with the patchstack and trying to resolve this misunderstanding.

    Regards.

    Plugin Support Yurii

    (@yuriinalivaiko)

    2 weeks, 6 days ago

    Hello @mdjaved15

    We were able to contact the patchstack team and explain that there is no such vulnerability. They removed the wrong note on their site, so you can safely use our plugin.

    Regards.

    Plugin Support Yurii

    (@yuriinalivaiko)

    2 weeks, 1 day ago

    Hi @mdjaved15

    This thread has been inactive for a while so we’re going to go ahead and mark it Resolved.

    Please feel free to re-open this thread if any other questions come up and we’d be happy to help. 🙂

    Regards

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.