
[Resolved] Authenticated Arbitrary File Upload Vulnerability

This thread is resolved. Here is a description of the problem and solution.

Problem:

There was a vulnerability report.

Solution:

Update Toolset plugins to the latest version.


This topic contains 5 replies, has 2 voices.

Last updated by dbarber 1 year, 10 months ago.

Assisted by: Christopher Amirian.

#2565589

I received a notification about a site with Toolset plugins that Types 3.4.17 has a vulnerability.

More info: hidden link

Please advise.

Thanks

#2566283

Christopher Amirian
Supporter


Hi there,

Thank you, we will double-check this. Meanwhile, is there any detailed information on which file has the issue mentioned?

Maybe you can give more info?

#2566347

The original report came from iThemes Security Pro, which you can find here:

hidden link

I've got the raw details from the report. I don't think they'd be helpful, but let me know if you want them.

#2566691

Christopher Amirian
Supporter


Hi there,

Thank you very much. I reported this to the second-tier support and will get back to you as soon as I have an update.

Thanks.

#2566819

Christopher Amirian
Supporter


Hi there,

We have a new release with the fix implemented.

Please either go to https://toolset.com/account/downloads/ to download Toolset Types version 3.4.18, or go to WordPress Dashboard > Plugins > Add New and click the "Check for Updates" button to see the new version to install.

Thank you.

#2568883

Thank you.