PluginUs.Net - Business Tools for WooCommerce and WordPress

[realize your idea - make your dreams come true]

Support Forum

You need to log-in to create request (topic) to the support

Security warning with plugin version 2.1.9?

This support system is for all types of the plugins as for premium versions, so for free ones! If you have premium version do not forget in the private data of the request (!!not in the text of the support request!!) after its publishing insert purchase code please (see blue-green button on the right side) and press Save button.
If you not got email within 24~36 business hours, firstly check your spam box, and if no any email from the support there - back to the forum and read answer here. DO NOT ANSWER ON EMAILS [noreply@pluginus.net] FROM THE FORUM!! Emails are just for your info, all answers should be published only here.
The support doesn work on Saturdays and Sundays, so some Friday requests can be answered on Monday.

Hi there.

So it seems like we are using some sort of paid version of a plugin? (Unclear, I was handed over this website a while back). Not sure if the plugin came pre-loaded with the theme or not.

We then got this recent message from WP Engine security scan:

At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), (techwarn), is (are) utilizing a vulnerable version of the MDTF plugin.

According to the author of this plugin, this issue has been patched in a recent update to the plugin.

WP Engine summary of the vulnerability: This vulnerability allows an attacker to target privileged authenticated users with malicious links that make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.

Plugin Authors' summary of the vulnerability and patch (changelog): Please note that questions related to this documentation should be directed to the plugin Author and not WP Engine: https://wordpress.org/plugins/wp-meta-data-filter-and-taxonomy-filter/#developers

Original 3rd-party's report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20781
https://jvn.jp/en/jp/JVN48413554/index.html
https://wpscan.com/vulnerability/20cd0537-3942-446b-a61e-92083f33ca8f

To secure your site, please upgrade to the latest version of this plugin.

Not sure what to do, as I checked to see if I could update the version of the plugin but I cannot. The plugin version is currently 2.1.9, which seems really off of the plugin version that I see publicly listed. What should I do to fix this situation?

 

Thank you.

Hello

Paste your license key here - https://share.stackovergo.com/image/i20210618130558.png -> https://share.stackovergo.com/image/i20210618130614.png

Update  the  plugin  to  latest  version -  https://wp-filter.com/howto/how-to-make-auto-update-for-wordpress-plugins-and-themes-bought-on-envato/

Where can I find the license key?

Hello

To get  license  key - https://codecanyon.net/downloads -> https://c2n.me/49ZXJv0.png