Where can I download the code fix for the vulenerability?
An update on this topic would be much appreciated
Plugin Contributor
David G
(@gravid7)
Hello @kds26,
We’ve addressed and resolved the issue in the latest Booster version 7.2.5. The vulnerability was identified in older versions, but it has been fully patched in the new release.
You can view the patch status here:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-jetpack/
Hi @gravid7 Patchstack still thinks you have a security issue: https://patchstack.com/database/wordpress/plugin/woocommerce-jetpack/vulnerability/wordpress-booster-for-woocommerce-plugin-7-2-5-unauthenticated-stored-cross-site-scripting-vulnerability?_a_id=431
It seems the WordFence thinks CVE-2024-12278 affects 7.2.4 and below and is patched, but this https://www.cve.org/CVERecord?id=CVE-2024-12278 thinks its 7.2.5 and below.
It’s great that it’s patched and is secure, just slightly frustrating that I get twice daily alerts saying it’s not.
Hi @gravid7 , just to let you know I spoke to Patchstack and they have updated their system so the alerts will go away now.
Plugin Contributor
David G
(@gravid7)
Hello @dooza,
The above security path has already been applied in the recent version. Can you please upgrade and check?
You can have at the complete list of security fixes here: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-jetpack
