Webman Amplifier Security Vulnerability


robwas66
Participant
#33477
Resolved

Support, my latest Wordfence security scan came up with a security vulnerability for the Webman Amplifier plugin.

“The Plugin “WebMan Amplifier” has a security vulnerability.”
More Info:
The WebMan Amplifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping.
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Any chance of a plugin update/patch to fix this?

Best!
– RObert

  • This topic was modified 1 month ago by Oliver Juhas. Reason: Formatting text
  • This topic was modified 1 month ago by Oliver Juhas. Reason: Plugin related question, moving to "Others" forum
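The advisory quoted above names two root causes, insufficient input sanitization and missing output escaping, for a stored XSS reachable by contributor-level users. The snippet below is an added illustration for this thread, not code from WebMan Amplifier or from WebMan Design: it shows a hypothetical plugin meta field (the `hypo_` names, the `_hypo_subtitle` meta key and the nonce action are all made up) first in the vulnerable shape the advisory describes and then in the hardened shape using WordPress's own sanitization, capability, nonce and escaping functions.

```php
<?php
// Added illustration (not WebMan Amplifier code): a hypothetical plugin that lets
// post authors set a "subtitle" meta field in the editor and renders it on the
// public page. The two root causes named in the advisory, missing input
// sanitization and missing output escaping, are shown beside the hardened form.

// ---- Vulnerable form ------------------------------------------------------
// Raw request data is stored with no nonce, capability or sanitization check and
// is echoed back unescaped. A contributor lacks the unfiltered_html capability
// that WordPress grants only to editors and administrators, so core filters the
// post body, but a plugin field like this one bypasses that filter entirely and
// whatever markup is stored runs in every visitor's browser.
function hypo_subtitle_save_vulnerable( $post_id ) {
    if ( isset( $_POST['hypo_subtitle'] ) ) {
        update_post_meta( $post_id, '_hypo_subtitle', $_POST['hypo_subtitle'] );
    }
}
function hypo_subtitle_render_vulnerable( $content ) {
    $subtitle = get_post_meta( get_the_ID(), '_hypo_subtitle', true );
    if ( $subtitle ) {
        $content = '<p class="subtitle">' . $subtitle . '</p>' . $content;
    }
    return $content;
}

// ---- Hardened form --------------------------------------------------------
function hypo_subtitle_save_hardened( $post_id ) {
    // 1. Bail out on autosaves and revisions, where no meta box form was submitted.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) { return; }
    if ( wp_is_post_revision( $post_id ) ) { return; }
    // 2. Tie the request to a form this plugin rendered (CSRF protection).
    if ( ! isset( $_POST['hypo_subtitle_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['hypo_subtitle_nonce'] ), 'hypo_subtitle_save' ) ) {
        return;
    }
    // 3. Check that the caller may edit this specific post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) { return; }
    if ( ! isset( $_POST['hypo_subtitle'] ) ) { return; }
    // 4. Sanitize on input: strip tags, remove line breaks and collapse whitespace.
    $subtitle = sanitize_text_field( wp_unslash( $_POST['hypo_subtitle'] ) );
    update_post_meta( $post_id, '_hypo_subtitle', $subtitle );
}
function hypo_subtitle_render_hardened( $content ) {
    $subtitle = get_post_meta( get_the_ID(), '_hypo_subtitle', true );
    if ( '' !== $subtitle ) {
        // 5. Escape on output regardless of what was stored: esc_html() turns
        //    <, >, &, " and ' into entities, so stored data renders as text.
        $content = '<p class="subtitle">' . esc_html( $subtitle ) . '</p>' . $content;
    }
    return $content;
}

// Only the hardened callbacks are wired up; the vulnerable ones exist for comparison.
add_action( 'save_post', 'hypo_subtitle_save_hardened' );
add_filter( 'the_content', 'hypo_subtitle_render_hardened' );

// Meta box markup that must include the nonce field for step 2 to pass.
function hypo_subtitle_meta_box_html( $post ) {
    wp_nonce_field( 'hypo_subtitle_save', 'hypo_subtitle_nonce' );
    $current = get_post_meta( $post->ID, '_hypo_subtitle', true );
    // Attribute context needs esc_attr(), not esc_html().
    echo '<input type="text" name="hypo_subtitle" value="' . esc_attr( $current ) . '">';
}
```

Escaping happens at output time in the context where the value lands (`esc_html()` in element content, `esc_attr()` in an attribute), even though the value was already sanitized on save, because meta can be written by other code paths than this form. If a field must legitimately accept limited HTML, `wp_kses_post()` on both save and output reduces the markup to WordPress's post-content allow-list instead of stripping it completely.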
Viewing 3 replies – 1 through 3 (of 3 total)
WebMan Design
Keymaster
#33478

Hi RObert,

Thank you for reporting this.

I’m not aware of any vulnerability in the plugin, and it was actually coded with security in mind. But I will certainly go through the plugin’s code and tighten some bolts wherever needed and will release the plugin update soon.

However, please understand that I can’t really say whether Wordfence stops reporting the issue afterwards.

Best regards,

Oliver Juhas
WebMan Design

WebMan Design
Keymaster
#33481

BTW, from the description of the issue, it seems it happens only in the admin interface. This means that if you don’t allow user registration on your website, you should be safe even currently.

Best regards,

Oliver Juhas
WebMan Design

WebMan Design
Keymaster
#33523

Hi robwas66,

I’ve just released the WebMan Amplifier 1.6.0 update. This is a significant plugin update with improved security. If you find any issue, please report it here. Thank you.

Best regards,

Oliver Juhas
WebMan Design
