WordPress Shortcoder Plugin <= 6.3 is vulnerable to Broken Access Control

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Imagevaakash

    (@vaakash)

    2 years ago

    Hi All,

    This is fixed in Shortcoder v6.3.1.

    Thanks

    Thread Starter Imagejatin426

    (@jatin426)

    2 years ago

    Thanks you for the quick support on this.

    Plugin Author Imagevaakash

    (@vaakash)

    2 years ago

    Thank you!

    ImageAlpesh

    (@alpesh_p2010)

    2 years ago

    Hi,

    Patchstack reports v6.3.1 also as vulnerable. Any update on this?

    Thanks!

    Plugin Author Imagevaakash

    (@vaakash)

    2 years ago

    Hi,

    Issue is already fixed. I don’t know why it is still open. I have already updated them with the fix and I don’t see it verified on their side.

    I can assure that the issue is fixed and there is nothing to worry. We can consider this cases as resolved.

    Thanks,

    Aakash

    Thread Starter Imagejatin426

    (@jatin426)

    2 years ago

    Thanks, its showing resolved on my side.

    ImageGioxx

    (@gioxx)

    1 year, 12 months ago

    Unfortunately, however, even according to WpScan it is still vulnerable, even in version 6.3.1: https://wpscan.com/vulnerability/e19a470c-7e8c-4193-8b91-0503f9d3d6d9/ 🙁

    Imagepavefe

    (@pavefe)

    1 year, 12 months ago

    I was going to ask something, but it seems it has already been addressed.

    • This reply was modified 1 year, 12 months ago by Imagepavefe.
    Plugin Author Imagevaakash

    (@vaakash)

    1 year, 12 months ago

    Hi all,

    The reported issue is already fixed in v6.3.1. It was a minor issue which causes no leak/loss.

    I’m following up with patchstack team to get this resolved ASAP.

    Thanks,

    Aakash

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘WordPress Shortcoder Plugin <= 6.3 is vulnerable to Broken Access Control’ is closed to new replies.