[Resolved] WordPress Types Plugin

This thread is resolved. Here is a description of the problem and solution.

Problem:

There was a vulnerability report.

Solution:

Update Toolset plugins to the latest version.

This support ticket was created 2 years, 5 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

This topic contains 6 replies, has 2 voices.

Last updated by garyY-2 2 years, 5 months ago.

Assisted by: Christopher Amirian.

#2565401

Hi Guys

I am getting this warning in Plesk's WordPress Toolkit:

Dave Jong (Patchstack) discovered and reported this Arbitrary File Upload vulnerability in WordPress Types Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has not been known to be fixed yet.

Can you advise when it will be fixed? I am having to deactivate the plugin on all sites that use it, which is obviously breaking my sites.

Cheers

Gary

#2566281

Christopher Amirian
Supporter

Hi Gary,

Would you please give us the details below?

1. What is the issue and which file is involved?
2. Which tool they used to check and conclude that the issue is there.
3. Share with us the log of the issue and we will follow up.

#2566305
Screenshot 2023-03-05 at 15.46.47.png

Hi Christopher

The issue is being reported to me by Plesk WordPress Toolkit, which basically told me to disable the plugin immediately.

The source of the issue is reported here: hidden link

I personally have no further details and I'm a bit surprised that On The Go Systems are not aware of it as this stuff should be reported safely, clearly not.

Unfortunately I have no further info I can supply you with, but I do have 3 broken live client websites due to the need to disable Toolset Types which obviously is not ideal.

Thanks for getting back to me on a Sunday.

Cheers

Gary

#2566715

Hi Guys

Is there any news on this? Sorry for the hassle, but as you can imagine my clients are getting pretty stressed about the situation.

Thanks in advance for your reply.

Cheers

Gary

#2566811

Christopher Amirian
Supporter

Hi there,

We have followed up already with the issue, which actually involves uploading executables (like PHP), but it can only be done by an administrator, so there is no imminent risk involved.

A new version will be available in two days that addresses the issue.

Thank you.

#2566821

Christopher Amirian
Supporter

Hi there,

We have a new release with the fix implemented.

Please either go to https://toolset.com/account/downloads/ to download Toolset Types version 3.4.18,
or go to WordPress Dashboard > Plugins > Add New and click the "Check for Updates" button to see the new version to install.

Thank you.
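For anyone managing several sites, the following is an added example (not part of the thread and not Toolset's code) that reads the standard WordPress plugin header from each plugin folder and flags any Types copy older than the 3.4.18 release named above. The header name "Toolset Types" used for matching and the sample folder names are assumptions; the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 4, 18)  # Types release that the thread says carries the fix
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)

def read_plugin_header(php_file):
    """Return (name, version) from a WordPress plugin header comment, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # WordPress reads only the first 8 KB
    fields = {key.lower(): value for key, value in HEADER.findall(head)}
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def parse_version(text):
    """'3.4.9' -> (3, 4, 9). Tuples compare numerically, so 3.4.9 < 3.4.18."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(part) for part in match.group().split(".")) if match else ()

def audit(plugins_dir, name_match="Toolset Types"):  # name_match is an assumption
    """Return (plugin_dir, version, status) for each matching plugin found."""
    results = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php)
        if header and name_match.lower() in header[0].lower():
            fixed = parse_version(header[1]) >= FIXED
            results.append((php.parent.name, header[1], "ok" if fixed else "UPDATE"))
    return results

def demo():
    """Build a constructed plugins directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"types-old": "3.4.9", "types-new": "3.4.18", "other": "1.0"}
        for folder, version in samples.items():
            name = "Some Other Plugin" if folder == "other" else "Toolset Types"
            path = Path(tmp, folder)
            path.mkdir()
            path.joinpath("main.php").write_text(
                f"<?php\n/*\nPlugin Name: {name}\nVersion: {version}\n*/\n")
        return audit(tmp)

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Point `audit()` at each site's `wp-content/plugins` directory; a version string that cannot be parsed is reported as `UPDATE` so it gets a manual look.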

#2566827

My issue is resolved now. Thank you!