Security Vulnerability | WordPress.org

Resolved hadean
(@hadean)

11 months, 2 weeks ago

Hi, I’m trying out the free version of the plugin on my site before buying.

A scan with WordFence shows that it has a critical security vulnerability that allows remote php execution on attachments, that hasn’t been patched. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bft-autoresponder

Is there a patch on the way, any advice?

Thanks

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Bob
(@prasunsen)

11 months, 2 weeks ago

This is fixed now in 2.7.2.6

Thread Starter hadean
(@hadean)

11 months, 1 week ago

Ok, thank you, please make sure it appears as patched in the vulnerability database of wordfence as it produces a false positive in the scan. I have to make sure, as I will deploy the paid version in large scale production site.

Thanks again

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security Vulnerability’ is closed to new replies.

Tags

security issue

3 replies
2 participants
Last reply from: hadean
Last activity: 11 months, 1 week ago
Status: resolved