Plugin Support
Dani
(@devdani)
Hello merzakabderrahim,
Thank you for bringing this to our attention. We’ve reviewed the details in the Wordfence database and confirmed the report. A security patch addressing this issue will be released within this week.
Plugin Support
Dani
(@devdani)
I wanted to provide an update regarding the previously reported vulnerability. The report has now been removed from the Wordfence vulnerability database.
After reviewing the issue, it became clear that it was not actually a vulnerability. The report, originally from Patchstack, flagged the ability for users with the contributor role to add a standard hyperlink to a draft post as a vulnerability. This behavior is expected and consistent with how the WordPress editor functions.
We contacted Patchstack to clarify the situation, and the CVE ID associated with this report has been removed. As a result, Wordfence, which used Patchstack as a source, has also updated their database and removed the vulnerability.
