Critical Vulnerability. A Response Needed! | WordPress.org

DJA_440
(@dja_440)

6 months ago

Hi, i’ve seen another thread on this but no reply from the Plugin author @rico-macchi. I can’t tag him either for some reason.

Following this notice originating from my Wordfence instances: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-links-page

I’ve gone through all the sites i have it installed on and disabled / deactivated the plugin but as i really like the look and feel of the plugin i would much rather stick with it.

Can anyone confirm if a patch is being made available for 4.9.6?

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Rico Macchi
(@rico-macchi)

5 months, 3 weeks ago

Hello,

I am working on a solution and should be ready in a few days.

Thank you

Thread Starter DJA_440
(@dja_440)

3 months, 3 weeks ago

Hi @rico-macchi – i was checking up on things and see this thread as not resolved. Was the vulnerability patched and if so on which version? I have the plugin disabled at the moment – is that enough to stop the vulnerability being exploited or is deletion the better route?

Plugin Author Rico Macchi
(@rico-macchi)

3 months, 3 weeks ago

This thread is for the free version and yes you will be safe just disabling the plugin.

Fix should be coming shortly

Thread Starter DJA_440
(@dja_440)

3 months, 3 weeks ago

Thanks, @rico-macchi – i understand this is for the free version. When i made the thread a couple of months ago you mentioned a fix would be along in “a few days”. Is the pro plugin safe and patched?

Plugin Author Rico Macchi
(@rico-macchi)

3 months, 3 weeks ago

It’s taking longer than expected, and no the pro versions are not patched yet. Hopefully soon.

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

Tags

sql

6 replies
2 participants
Last reply from: Rico Macchi
Last activity: 3 months, 3 weeks ago
Status: not resolved