Directory

Another security risk picked up on 6.9.0 | WordPress.org

Andrew M
(@andrewlmacaulay)

4 months ago

Just got notified that another security issue has been identified…

WordPress Easy Forms for Mailchimp plugin <= 6.9.0 – Sensitive Data Exposure via Log File vulnerability

Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Easy Forms for Mailchimp (versions <= 6.9.0)

Viewing 4 replies - 1 through 4 (of 4 total)

carmpocalypse
(@carmpocalypse)

3 months, 4 weeks ago

This was resolved in 6.9.0, the Sensitive Data Exposure via Log File along with the issue from December:

https://github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/issues/916

?

Thread Starter Andrew M
(@andrewlmacaulay)

3 months, 4 weeks ago

Excellent news. I have sent in a report to patchstack about their current entry about this WordPress Easy Forms for Mailchimp plugin <= 6.9.0 – Sensitive Data Exposure via Log File vulnerability – Patchstack to get the status updated to reflect the fix.

Thread Starter Andrew M
(@andrewlmacaulay)

3 months, 3 weeks ago

Had queried this status of this security issue for 6.9.0 and have just got the following back after a review by PatchStack:

“We still don’t see that the log filename has been secured by adding a sufficient length of random string as the prefix or suffix on version 6.9.0. Additionally, we also recommend to apply .htaccess rule to prevent direct access.”

Can you possibly look into this again please.

carmpocalypse
(@carmpocalypse)

3 months, 1 week ago

I posted the issue on their Github and quoted what Patchstack said from what you posted.

@andrewlmacaulay

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Tags

bugs

In: Plugins
5 replies
3 participants
Last reply from: carmpocalypse
Last activity: 3 months, 1 week ago
Status: not resolved