Plugin Vulnerability | WordPress.org

Resolved tranxhdr
(@tranxhdr)

10 months, 3 weeks ago

Just got this warning notification from my ISP,

WP Engine summary of the vulnerability: This vulnerability allows any unauthenticated user to perform actions that only an administrator should be allowed to do.

This vulnerability’s information has been verified by Patchstack. Please note that questions related to this notification should be directed to Patchstack, the plugin author or the 3rd-party researcher for the most accurate information.

Resources providing further information on this vulnerability:

https://patchstack.com/database/vulnerability/meta-tag-manager/wordpress-meta-tag-manager-plugin-3-1-broken-access-control-vulnerability?_a_id=473

Viewing 1 replies (of 1 total)

Plugin Author Marcus
(@msykes)

10 months ago

Hello everyone, sorry for the late reply. We’ve just released 3.2 which fixes the vulnerability. This was a minor vulnerability which allowed authenticated users to view media attachment URLS according to ID.

If you store only images in your media, then there’s not much of implication here, it’d mainly be of concern for sites that may store sensitive files in the media library.

Viewing 1 replies (of 1 total)

The topic ‘Plugin Vulnerability’ is closed to new replies.

4 replies
2 participants
Last reply from: Marcus
Last activity: 10 months ago
Status: resolved