• Resolved orbitmedia

    (@orbitmedia)


    WPEngine is flagging the current version of this plugin as posing a security risk. Will this be fixed in the next release?


    New User Approve <= 3.2.3 is vulnerable to Cross-Site Request Forgery (CSRF)
    Severity: low (7.1)
    Exploited: No
    Fixed in: No fix yet
    Security risk: csrf. This vulnerability allows an attacker to target privileged authenticated users with malicious links that make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support muddasirhayat

    (@muddasirhayat)

    Hi @orbitmedia,

    Thank you for reporting this and for sharing the details from WP Engine.

    We’re aware of the CSRF warning in the current version and are actively working on addressing it. A fix is in progress and will be included in an upcoming release. We’ll update the plugin and this thread as soon as the patch is available.

    We appreciate your patience and your help in keeping the plugin secure.

    Best regards,
    WPExperts Support Team

    Thread Starter orbitmedia

    (@orbitmedia)

    That’s what I was hoping for, thank you.

    Plugin Support muddasirhayat

    (@muddasirhayat)

    Hi @orbitmedia,

    Thank you for your patience.

    The updated plugin has now been released with fixes for the reported vulnerability. Please update to the latest version, either directly from your WordPress dashboard or by manually updating the plugin on your site.

    If you have any questions or notice anything unexpected, please don’t hesitate to let us know. We really appreciate you bringing this to our attention.

    Thank you,
    WPExperts Support Team

    Plugin Support muddasirhayat

    (@muddasirhayat)

    Hi @orbitmedia,

    Just a quick update. We will be closing this thread for now.

    If you have any further questions or need assistance, please feel free to open a new thread and we will be happy to help.

    Best regards,
    WPExperts Support Team
