Reported Security Issue

[jamesros161]

We've received a report from a third party concerning a security vulnerability in your plugin. Your plugin has not yet been closed, however if in the next 30 days the issue remains unpatched or we receive no communication we will be forced to close the plugin due to inaction.

Here's what you need to do:

1. Vulnerability Remediation:
   • Thoroughly review this email and the report included below.
   • Implement necessary code modifications to eliminate the vulnerability.
   • Address any additional similar concerns identified.
2. Perform a Security Review:
   • Conduct a comprehensive security and WordPress coding standards review of your plugin's codebase.
   • Utilize the Plugin Check Plugin as a tool to identify and rectify any issues: https://wordpress.org/plugins/plugin-check/
   • We expect all issues detected by Plugin Check Plugin will be resolved before you resubmit the plugin for review.
3. Plugin Update:
   • Increment your plugin's version number.
   • Update the "Tested up to" version within your readme.txt file to reflect the latest WordPress release.
4. Submit the Update:
   • Commit the updated code to your plugin's SVN repository.
   • Be sure to properly tag the new release.
   • Please review our documentation on how to use SVN - https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/#best-practices
   • as improper SVN usage can delay our reviews.
5. Reply to this email to request a re-review.

Important Considerations:

• Thoroughness: A comprehensive review of your entire plugin will be conducted upon resubmission. Any additional security or guideline issues must be resolved before your plugin can be relisted.
• Timeframe: You have 14 days from the time of this email to reply confirming you are aware of the issue and 30 days total to address the reported vulnerability in order to avoid closure.
• Public Disclosure: This security bug was reported to us from a third party. We can not prevent public disclosure, dispute their claim or change their disclosure timeline (which may occur before our 30 day timeframe). We are notifying you of the information we have been provided in order to help you begin working on a patch.
• Support: If you require clarification, encounter challenges or need more time, please reply to this email.
• Failure to act: Failure to communicate or make substantial progress within this timeframe will necessitate the closure of your plugin to protect users.

Vulnerability Report

• Vulnerability type: Broken Access Control
• URL: https://wordpress.org/plugins/boldgrid-backup/
• Validated by us, no easy way to contact the vendor.
• Not published yet.
• Original report: https://patchstack.com/database/report-preview/63fe62e3-27be-4615-b769-8aa4547d7d1f?pin=p2lV4TfLxzNbR05h

[jamesros161]

Vulnerability report was invalid. Disputed the report with Patchstack and it was rejected.