• Patchstack released a report on a WP Email Template plugin security vulnerability. Please let us know when you’ll release a patch. Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Steve Truman

    (@a3rev)

    Thanks @emswpuser

    First I’ve heard of this and I can see why Patchstack has not notified us directly and discreetly as they normally do when a vulnerability is reported. From the Patchstack link you posted, this appears to be a theoretical report as there is no proof-of-concept. The Patchstack link you shared states:

    Solutions: This security issue has a low severity impact and is unlikely to be exploited.

    I’ve reviewed the public advisory which currently contains only a generic CSRF classification with that low severity and no proof-of-concept or affected endpoint. I’ve reached out to Patchstack for exact reproduction steps so we can evaluate and, if needed, issue a fix. If you have any additional technical details (endpoint, parameters, required state), please share so we can verify promptly.

    Steve

    Thread Starter emswpuser

    (@emswpuser)

    Hi Steve,

    Thank you for the quick reply. I don’t have any other information. I hope Patchstack can provide you with further details.

    Thanks.

The topic ‘Security Vulnerability’ is closed to new replies.