Vulnerability

  • Resolved espressivo

    (@espressivo)


    5 months, 4 weeks ago

    Category:PLUGIN

    Versions-Affected:<= 1.20.3

    Type:Access Controls

    Severity:MEDIUM

    Description:Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Social Pug Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author mediavine

    (@mediavine)

    5 months, 4 weeks ago

    Hi @espressivo,

    Thanks for reaching out! While there’s not a lot of information to go off of, it doesn’t sound like this should be a new cause for concern.

    We are actually in the process of handing off the Grow Social plugin to Nerdpress who has acquired it, and will be renaming it to Hubbub. While the exact timeline and details are still in the works, we’ll be working on communicating any ongoing issues to them.

    Of course in the meantime, we’re happy to help troubleshoot if you’re experiencing any functionality problems. Just let us know!

    Plugin Author Colin Devroe

    (@cdevroe)

    5 months, 3 weeks ago

    Hello @espressivo,

    Thank you for bringing this to our attention. We plan on fixing this issue in a very near future update. I will update this thread when it is fixed.

    Plugin Author Colin Devroe

    (@cdevroe)

    5 months, 3 weeks ago

    Hello @espressivo — Today we’ve released 1.30.1 of Hubbub Lite and 2.17.1 of Hubbub Pro which will fix the security issue reported by Abdi Pranata. Thank you again for reporting it to us.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.