[Resolved] Authenticated Arbitrary File Upload Vulnerability

[Author]

Posts

[dbarber]

I received a notification about a site with Toolset plugins that Types 3.4.17 has a vulnerability.

More info: hidden link

Please advise.

Thanks

[Christopher Amirian Supporter Languages: English (English )]

Hi there,

Thank you, we will double check this, meanwhile is there any detailed information on which file has the issue mentioned?

Maybe you can give more info?

[dbarber]

The original report came from iThemes Security Pro, which you can find here:

hidden link

I've got the raw details from the report. I don't think they'd be helpful, but let me know if you want them.

[Christopher Amirian Supporter Languages: English (English )]

Hi there,

Thank you very much. I reported this to the second-tier support and will get back to you as soon as I have an update.

Thanks.

[Christopher Amirian Supporter Languages: English (English )]

Hi there,

We have a new release with the fix implemented.

Please either go to https://toolset.com/account/downloads/ to download Toolset types version 3.4.18.
Or go to WordPress Dashboard > Plugins > Add New and click the "Check for Updates" button to see the new version to install.

Thank you.

[dbarber]

Thank you.