Security warning with plugin version 2.1.9?
The support doesn work on Saturdays and Sundays, so some Friday requests can be answered on Monday. If you have problems with registration ask help on contact us page pleaseIf you not got email within 24~36 business hours, firstly check your spam box, and if no any email from the support there - back to the forum and read answer here. DO NOT ANSWER ON EMAILS [noreply@pluginus.net] FROM THE FORUM!! Emails are just for your info, all answers should be published only here.
The support doesn work on Saturdays and Sundays, so some Friday requests can be answered on Monday.
Quote from kelly.r on July 12, 2021, 11:24Hi there.
So it seems like we are using some sort of paid version of a plugin? (Unclear, I was handed over this website a while back). Not sure if the plugin came pre-loaded with the theme or not.
We then got this recent message from WP Engine security scan:
At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), (techwarn), is (are) utilizing a vulnerable version of the MDTF plugin.
According to the author of this plugin, this issue has been patched in a recent update to the plugin.
WP Engine summary of the vulnerability: This vulnerability allows an attacker to target privileged authenticated users with malicious links that make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.
Plugin Authors' summary of the vulnerability and patch (changelog): Please note that questions related to this documentation should be directed to the plugin Author and not WP Engine: https://wordpress.org/plugins/wp-meta-data-filter-and-taxonomy-filter/#developers
Original 3rd-party's report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20781
https://jvn.jp/en/jp/JVN48413554/index.html
https://wpscan.com/vulnerability/20cd0537-3942-446b-a61e-92083f33ca8fTo secure your site, please upgrade to the latest version of this plugin.
Not sure what to do, as I checked to see if I could update the version of the plugin but I cannot. The plugin version is currently 2.1.9, which seems really off of the plugin version that I see publicly listed. What should I do to fix this situation?
Thank you.
Hi there.
So it seems like we are using some sort of paid version of a plugin? (Unclear, I was handed over this website a while back). Not sure if the plugin came pre-loaded with the theme or not.
We then got this recent message from WP Engine security scan:
At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), (techwarn), is (are) utilizing a vulnerable version of the MDTF plugin.
According to the author of this plugin, this issue has been patched in a recent update to the plugin.
WP Engine summary of the vulnerability: This vulnerability allows an attacker to target privileged authenticated users with malicious links that make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.
Plugin Authors' summary of the vulnerability and patch (changelog): Please note that questions related to this documentation should be directed to the plugin Author and not WP Engine: https://wordpress.org/plugins/wp-meta-data-filter-and-taxonomy-filter/#developers
Original 3rd-party's report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20781
https://jvn.jp/en/jp/JVN48413554/index.html
https://wpscan.com/vulnerability/20cd0537-3942-446b-a61e-92083f33ca8f
To secure your site, please upgrade to the latest version of this plugin.
Not sure what to do, as I checked to see if I could update the version of the plugin but I cannot. The plugin version is currently 2.1.9, which seems really off of the plugin version that I see publicly listed. What should I do to fix this situation?
Thank you.
Quote from Pablo Borysenco on July 13, 2021, 10:27Hello
Paste your license key here - https://share.pluginus.net/image/i20210618130558.png -> https://share.pluginus.net/image/i20210618130614.png
Update the plugin to latest version - https://wp-filter.com/howto/how-to-make-auto-update-for-wordpress-plugins-and-themes-bought-on-envato/
Hello
Paste your license key here - https://share.pluginus.net/image/i20210618130558.png -> https://share.pluginus.net/image/i20210618130614.png
Update the plugin to latest version - https://wp-filter.com/howto/how-to-make-auto-update-for-wordpress-plugins-and-themes-bought-on-envato/
Quote from kelly.r on July 14, 2021, 05:31Where can I find the license key?
Where can I find the license key?
Quote from Pablo Borysenco on July 14, 2021, 10:37Hello
To get license key - https://codecanyon.net/downloads -> https://c2n.me/49ZXJv0.png
Hello
To get license key - https://codecanyon.net/downloads -> https://c2n.me/49ZXJv0.png