I’m guessing this vulnerability was reported by WordFence a month ago (because I’m seeing it on the free plan) and no action taken so far, so it’s not looking good.
Anonymous User 21060144
(@anonymized-21060144)
How is it possible that the developer has not replied to this after days? That is really very bad. You rarely experience that with a security problem.
I’m guessing they don’t even monitor this forum, only support tickets from paying customers.
Hello, but the vulnerability requires the condition that a user with the shop manager role exploits it.
Good point, WordFence is hyperventilating a bit when calling it a “critical” vulnerability (not for the first time). I’m still looking for replacements though, because even though the scope is limited the severity is potentially high.
Plugin Author
ronyp
(@ronyp)
Hello,
We have recently released a new version with a fix for the Broken Access Control vulnerability.
Kindly please upgrade your plugin for the same.
Kind Regards,
RonyP
In a way, this vulnerability was somewhat serious, but not as much as the impact that Wordfence or iThemes have when disclosing it in that manner, considering that many times users do not read the entire article.
Plugin Author
ronyp
(@ronyp)
Hello,
First of all my sincere apologies for the security vulnerability. We have worked for almost a year to fix all possible security vulnerabilities.
@phil-mckerracher The security glitch was found in the 2nd version, released on the 26th of last month. Patchstack reported the issue on the 1st of August and we fixed it and released it within a week. Regarding the forum, we regularly check the threads and take action according to the weightage of the topic.
@danielbmxd Thank you for raising the point of reality. Thank you all guys again for your patience and support.
Kind Regards,
Rony P – Booster Support Team