Plugin Vulnerability

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WP CodeUs

    (@wpcodeus)

    5 months, 3 weeks ago

    Hi Jason,

    Thank you for bringing this to our attention. Unfortunately we’re looking at possibly sunsetting Ultimate Client Dash due to our bandwidth not being able to give it the attention that it needs.

    This isn’t a final decision but wanted to bring it to your attention in case you need to make plans with your websites.

    Thread Starter Jason Ryan

    (@viablethought)

    5 months, 3 weeks ago

    @wpcodeus

    That is really unfortunate to hear, are you going to update the plugin to resolve the current vulnerability or should we start removing the plugin from all of our client websites now?

    Thanks

    Plugin Author WP CodeUs

    (@wpcodeus)

    5 months, 3 weeks ago

    @viablethought Now that we’re aware a patch was created last night by our team and will be release later this morning to remove the current vulnerability. All it is a the landing page button text fields needs to be sanitized so to not allow scripts so it not anything crazy and still requires admin access.

    Again, sunsetting isn’t official but it is something we’re talking about internally due to our heavy workload. Security updates will still be made as normal until then.

    • This reply was modified 5 months, 3 weeks ago by Yui.
    • This reply was modified 5 months, 3 weeks ago by WP CodeUs.
    Thread Starter Jason Ryan

    (@viablethought)

    5 months, 3 weeks ago

    Ok, thank you.

    Plugin Author WP CodeUs

    (@wpcodeus)

    5 months, 3 weeks ago

    Hey Jason,

    Just giving you a quick update that we have released the patch in UCD 4.7.

    Have a great rest of your day and thank you again for bringing this to our attention.

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.