Security vulnerability | WordPress.org

johnclearmoonstudio
(@johnclearmoonstudio)

5 months, 3 weeks ago

I use your plugin and just received this alert, hoping you are working on a solution? https://patchstack.com/database/wordpress/plugin/wp-store-locator/vulnerability/wordpress-wp-store-locator-plugin-2-2-260-php-object-injection-vulnerability

The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

caordawebsol
(@caordawebsol)

5 months, 3 weeks ago

This is high risk – needs patching sooner rather than later… thanks!

farroyo
(@farroyob)

5 months, 3 weeks ago

Hi there @johnclearmoonstudio and @caordawebsol, thanks for writing.

Some of our users, like you, have contacted us with this concern. We appreciate the feedback. Our development team is already looking into it, and if they find it to be a legitimate vulnerability, we expect to release a patched version soon.

Best regards,

Plugin Author Tijmen Smit
(@tijmensmit)

5 months, 3 weeks ago

We are working on a fix for this.

Plugin Author Tijmen Smit
(@tijmensmit)

5 months, 3 weeks ago

Submitted a fix to Patchstack for them to review, hopefully they will update their page soon.

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

5 replies
4 participants
Last reply from: Tijmen Smit
Last activity: 5 months, 3 weeks ago
Status: not resolved