WordPress 6.4.1
WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 – Broken Access Control vulnerability
Plugin now deactivated – are you aware of this issue post the WordPress 6.4 and maintenance update 6.4.1?
Hello,
Thanks for reaching here…
We have checked this link and there is no information about WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6, so please explain what the issue is for this plugin…
Thanks,
I was alerted by my security scan that I am having the same problem as everyone else is having. Please patch this immediately.
WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability
5.3 Medium Severity (CVSS 3.1 score)
Not known to be exploited
Solution: No fix has been released for this vulnerability. If no update is available, you should deactivate the plugin. Muting the issue will exclude it from future scans. Only mute the issue after you’ve confirmed the vulnerability does not affect your site.
Details: Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin WP Logo Showcase Responsive Slider and Carousel (versions <= 3.6)
- Software: WP Logo Showcase Responsive Slider and Carousel
- Type: Plugin
- Vulnerable versions: <= 3.6
- CVE: CVE-2023-40200
- Classification: Broken Access Control
- Publicly disclosed: November 9, 2023
This reply was modified 2 years, 1 month ago by dumbpress.
Click on details on the link
and
Details (Verified)
Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress WP Logo Showcase Responsive Slider and Carousel Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
- Software: WP Logo Showcase Responsive Slider and Carousel
- Type: Plugin
- PSID: 6513d49257c3
- Vulnerable versions: <= 3.6
- Fixed in: N/A
- CVE: CVE-2023-40200
- Classification: Broken Access Control
- OWASP Top 10: A1: Broken Access Control
- Required privilege: Unauthenticated
- Credits: Abdi Pranata
- Publicly disclosed: 9 November, 2023
I have the same issue on a client's website.
SolidWP reports this issue:
“WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 – Broken Access Control vulnerability. Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin WP Logo Showcase Responsive Slider and Carousel (versions <= 3.6)”
https://patchstack.com/database/vulnerability/wp-logo-showcase-responsive-slider-slider/wordpress-wp-logo-showcase-responsive-slider-and-carousel-plugin-3-6-broken-access-control-vulnerability?_a_id=431
Any updates @patelketan?
Hello,
Thanks for reaching out to us…
We have checked the vulnerability issue link but this link does not properly define the issue and does not define the exact issue for our plugin, so we are talking to the team for the vulnerability issue.
Thanks,
Wordfence now picking this issue – please resolve
- Plugin Name: WP Logo Showcase Responsive Slider and Carousel
- Current Plugin Version: 3.6
- Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “WP Logo Showcase Responsive Slider and Carousel” until a patched version is available.
- Repository URL: https://wordpress.org/plugins/wp-logo-showcase-responsive-slider-slider
- Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=plugin
- Vulnerability Severity: 5.3/10.0 (Medium)
Hello,
We have checked the vulnerability issue link, but we have solved this issue in the current version. We are talking to the Wordfence Patched team, so we have sent an email to Wordfence. Please be patient, everyone.
Thanks,
Hello,
We solved the security issue 2 months ago but Wordfence has not updated the database. We have talked to Wordfence by email and Wordfence updated the database, so please check the Vulnerability Severity link. All plugins are working perfectly without any security issue…
The topic ‘WordPress 6.4.1’ is closed to new replies.