Security vulnerability: ETA for fix? | WordPress.org

Resolved daniel.vos
(@danielvos)

6 months, 1 week ago

Solid Security and Patchstack are reporting a “Broken Access Control” vulnerability affecting WordPress Uncanny Automator Plugin <= 6.5.0.2: https://patchstack.com/database/wordpress/plugin/uncanny-automator/vulnerability/wordpress-uncanny-automator-6-5-0-1-broken-access-control-vulnerability?_a_id=431

What is the ETA for a fix?

Viewing 1 replies (of 1 total)

Plugin Support Ken Young
(@uncannyken)

6 months, 1 week ago

Hi @danielvos,

Thanks for bringing this to our attention. This vulnerability was patched in version 6.5.0, released May 9. I traced our communication with Patchstack and while we told them a patch was imminent, unfortunately we didn’t confirm with them after the patch had been released. We’ve updated our changelog with the CVE number and notified Patchstack to update the vulnerability report, which will hopefully happen soon. We’ve updated our internal processes to make sure the communication loop gets closed on any vulnerability reports. Sorry for the inconvenience!

Ken

Viewing 1 replies (of 1 total)

The topic ‘Security vulnerability: ETA for fix?’ is closed to new replies.

2 replies
2 participants
Last reply from: Ken Young
Last activity: 6 months, 1 week ago
Status: resolved