Authenticated Arbitrary File Upload Vulnerability

Este hilo está resuelto. Aquí tiene una descripción del problema y la solución.

Problem:

There was a Vulnerability report.

Solution:

Update Toolset plugins to the latest version.

This support ticket is created hace 2 años, 4 meses. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Este tema contiene 5 respuestas, tiene 2 mensajes.

Última actualización por dbarber hace 2 años, 4 meses.

Asistido por: Christopher Amirian.

Autor

Mensajes

marzo 4, 2023 at 1:54 am #2565589

dbarber

I received a notification about a site with Toolset plugins that Types 3.4.17 has a vulnerability.

More info: enlace oculto

Please advise.

Thanks

marzo 5, 2023 at 2:54 pm #2566283

Christopher Amirian

Colaborador

Idiomas: Inglés (English )

Hi there,

Thank you, we will double check this, meanwhile is there any detailed information on which file has the issue mentioned?

Maybe you can give more info?

marzo 5, 2023 at 4:53 pm #2566347

dbarber

The original report came from iThemes Security Pro, which you can find here:

enlace oculto

I've got the raw details from the report. I don't think they'd be helpful, but let me know if you want them.

marzo 6, 2023 at 8:14 am #2566691

Christopher Amirian

Colaborador

Idiomas: Inglés (English )

Hi there,

Thank you very much. I reported this to the second-tier support and will get back to you as soon as I have an update.

Thanks.

marzo 6, 2023 at 12:15 pm #2566819

Christopher Amirian

Colaborador

Idiomas: Inglés (English )

Hi there,

We have a new release with the fix implemented.

Please either go to https://toolset.com/account/downloads/ to download Toolset types version 3.4.18.
Or go to WordPress Dashboard > Plugins > Add New and click the "Check for Updates" button to see the new version to install.

Thank you.

marzo 9, 2023 at 12:56 am #2568883

dbarber

Thank you.