Authenticated Arbitrary File Upload Vulnerability

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	9:00 – 12:00	-
-	13:00 – 18:00	13:00 – 18:00	13:00 – 18:00	13:00 – 18:00	13:00 – 18:00	-

Supporter timezone: America/Sao_Paulo (GMT-03:00)

This topic contains 1 reply, has 2 voices.

Author

Posts

March 6, 2023 at 10:05 am #2566765

Bonnie

This has been publicly published now: hidden link

This is the version of Types I am running and I am a little concerned that a vulnerability has been published publicly with no resolution available.

Can you please give me an update on this? I rely on Types for running my site.

March 6, 2023 at 4:53 pm #2567019

Supporter

Languages: English (English )

Timezone: America/Sao_Paulo (GMT-03:00)

Hello there,

Thanks for your contact.

We have just released the Toolset Types version 3.4.18, with a fix for this "vulnerability" issue. You can download the latest Toolset Types plugin from your account's page: https://toolset.com/account/downloads/, or you can install/update Toolset plugins using the installer plugin - please click on "Check for updates" button: - https://toolset.com/faq/how-to-install-and-register-toolset/#automatic-installation-once-you-have-otgs-installer-plugin-installed

Regards,
Mateus.