[Resolved] Authenticated Arbitrary File Upload Vulnerability in Types

This support ticket was created 1 year, 8 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.


This topic contains 4 replies, has 2 voices.

Last updated by Christopher Amirian 1 year, 8 months ago.

Assisted by: Christopher Amirian.

Author
Posts
#2565323

I got this warning today from my hosting provider about all of my sites that use Toolset:

WordPress Toolset Types plugin <= 3.4.17 - Authenticated Arbitrary File Upload Vulnerability

Are you working on a resolution?

#2566233

Christopher Amirian
Supporter

Languages: English (English)

Hi there,

As we did not have such a report before, I'd appreciate it if you can ask for more details about the issue that is happening so we can investigate:

1. What is the issue and which file is involved.
2. Which tool they used to check and conclude that the issue is there.
3. Share with us the log of the issue and we will follow up.

#2566287

The warning came from the hosting provider (InMotionHosting) and was attributed to their WP Toolkit. More details are available here, where it also says the vulnerability has been reported to Toolset:

hidden link

#2566291

Christopher Amirian
Supporter

Languages: English (English)

Thank you for that. I reported this to the second tier and we will check this ASAP to see what the issue is.

#2566823

Christopher Amirian
Supporter

Languages: English (English)

Hi there,

We have a new release with the fix implemented.

Please either go to https://toolset.com/account/downloads/ to download Toolset Types version 3.4.18, or go to WordPress Dashboard > Plugins > Add New and click the "Check for Updates" button to see the new version to install.

Thank you.