I got this warning today from my hosting provider about all of my sites that uses Toolset:
WordPress Toolset Types plugin <= 3.4.17 - Authenticated Arbitrary File Upload Vulnerability
Are you working on a resolution?
Hi there,
As we did not have such a report before I'd appreciate it if you can ask for more details about the issue that is happening so we can investigate:
1. What is the issue and which file is involved.
2. Which tool they used to check and conclude that the issue is there,
3. Share with us the log of the issue and we will follow up
The warning came from the hosting provider (InMotionHosting) and was attributed to their WP Toolkit. More details are available here where it also says the vulnerability has been reported to Toolset:
hidden link
Thank you for that. I reported this to the second-tier and we will check this asap to see what is the issue.
Hi there,
We have a new release with the fix implemented.
Please either go to https://toolset.com/account/downloads/ to download Toolset types version 3.4.18.
Or go to WordPress Dashboard > Plugins > Add New and click the "Check for Updates" button to see the new version to install.
Thank you.
