• Resolved Joanna

    (@joannacraig)


    Patchstack has located a vulnerability in versions below and including 2.9.1.

    When will a fix be issued please?

  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello,

    Thank you for reaching out and thank you for taking the time to report this.

    We’ve checked this and confirmed. This security issue has a low severity impact; however, we are aware of this and working on a fix that will be released as soon as possible.

    Thank you again for reporting this, and this will be patched soon!

    Thanks!

    368durham

    (@368durham)

    From what I gather, the listed update addresses two security vulnerabilities:

    Fix: Patch broken access control for Image Service AJAX operations
    Fix: Patch mfunc security vulnerability

    One of these security vulnerabilities is a lower threat and was what the thread is about. It is rated as a low severity by Patchstack.

    The other vulnerability is new and has not been fully disclosed. It has a VERY high rating of 9.8, and it is recommended that you update your website immediately or, if that is not possible, disable the plugin.
    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-291-unauthenticated-arbitrary-code-execution

    Currently it has not been confirmed if 2.9.2 solves this issue above as we wait for WordFence & Patchstack to update the database.

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello @gmariani405 @dharma23

    Thank you for reaching out and I am sorry about the issues you have had with posting the comments.
    I would like to assure you that only the Forum moderators or staff have the authority to remove or edit posts. No plugin contributors or moderators are allowed or have any ability to do this!
    @jdembowski Can you please share any insights on this?

    The vulnerability report issue was fixed in the latest 2.9.2 patch, so please make sure to update the plugin to the latest release and let me know if you are still experiencing reports of the vulnerability.

    @beee I am sorry about the issue you experienced after the update. I’ve updated the plugin in all of our instances and have not experienced any crashes. Possibly some files did not update correctly. Can you please let me know if you can try again or update the plugin manually?
    Can you please clarify the issue and share the website URL so I can check this for you?


    Thanks!

    Moderator Support Moderator

    (@moderator)

    If you are not the original person reporting their problem then please do not add “I have this problem too”. Those many replies have been removed.

    To keep things organized and make sure you get the best support, we ask that each person open their own topic rather than adding to someone else’s.

    The forum guidelines explain why here:

    https://wordpress.org/support/forum-user-guide/faq/#i-have-the-same-problem-can-i-just-reply-to-someone-elses-post-with-me-too

    You can subscribe to a topic in the sidebar via the “Subscribe” link.

    If you need support then please start your own topic. If this continues then this topic will be closed.

    Moderator Support Moderator

    (@moderator)

    The vulnerability report issue was fixed in the latest 2.9.2 patch, so please make sure to update the plugin to the latest release and let me know if you are still experiencing reports of the vulnerability.

    Then this topic is closed.


The topic ‘Vulnerability reported on Patchstack’ is closed to new replies.