Security Issue | WordPress.org

Kevin Pfeifer
(@beardcat)

8 months ago

See https://patchstack.com/database/wordpress/plugin/booking-system/vulnerability/wordpress-pinpoint-booking-system-plugin-2-9-9-5-2-broken-access-control-vulnerability

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Marius
(@mariuscristian)

7 months, 4 weeks ago

Hi,

Can you duplicate the issue?

Thank you

Thread Starter Kevin Pfeifer
(@beardcat)

7 months, 4 weeks ago

I have not looked into the CVE in detail since you as the plugin author should have gotten more details on what the exact problem is.

I only post this, since my monitoring tool marks my websites as having a security issue due to this CVE.

Plugin Author Marius
(@mariuscristian)

7 months, 4 weeks ago

There are no specific details provided, but I can assure you that we are not aware of any scenario in which one user can access another user’s data.

We take data privacy and security very seriously. If you have any additional information or concerns, please feel free to share them so we can investigate further.

Darius Sveikauskas (Patchstack)
(@darius_fx)

7 months, 4 weeks ago

@mariuscristian here’s a copy of reply to the email I’ve sent to the vendor:

Support Pinpoint.world support{}pinpoint{}world
Aug 4, 2024, 8:59 PM
to me

Hi Darius,

Thanks for letting us know.

Best regards,
Ovidiu
PINPOINT.WORLD Support Team

And we had long conversation about this and another vulnerability. So I’m not sure how you can be unaware.

Plugin Author Marius
(@mariuscristian)

7 months, 3 weeks ago

Hi Darius,

We’ve had several conversations about other issues that appeared to be related to this one, and those have already been resolved. Probably I’m missing something. I’ll review the previous exchanges again to make sure nothing was missed.

Regards, Marius

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Security Issue’ is closed to new replies.