Open UPTimbo opened 9 months ago
So I'm seeing 2.7.31. Do we know if this version is an actual fix that will result in the plugin being returned to the WP repository?
The committed code seems to address the issue that is mentioned in the vulnerability, so I would assume so.
Download from here (2.7.31): https://downloads.wordpress.org/plugin/unyson.zip
I will believe it when Patchstack updates their vulnerability report to reflect that this addresses the fix correctly: https://patchstack.com/database/vulnerability/unyson
Is anyone using the new version? Any news on whether this is an actual fix? It's obvious Theme Fuse isn't providing any details. Appreciate your feedback.
Yes, we're using it and so far so good, no more threat warnings from our host one.com. The current site is live with the updated theme; however, we have set up a staging platform and are in the process of migrating everything to the Avada theme. It's a lot of work but will be better in the long term as we're only a small team.
We have the new version installed, but from everything I can see from the diff between the previous and current version, it was not an actual fix. Witness the fact that I pointed out earlier, that Patchstack has still not updated their vulnerability info to indicate that it is now fixed.
I'm getting alerts that the Unyson plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions in versions up to, and including, 2.7.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as dismissing notices.
Is there a patch in the works?
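
The bug class named in the alert above (a missing capability check on an action that dismisses notices), shown as an added example that is not part of this thread and is not Unyson's code. The handler, action, nonce and option names are hypothetical; the WordPress functions are the standard core ones.

```php
<?php
// Added illustration, not Unyson code. All "example_*" names are hypothetical.

// Before: wp_ajax_* hooks fire for every logged-in user, subscribers included.
// With no capability check, any account can change this site-wide state.
add_action( 'wp_ajax_example_dismiss_unchecked', 'example_dismiss_unchecked' );
function example_dismiss_unchecked() {
    $notice = isset( $_POST['notice'] ) ? sanitize_key( wp_unslash( $_POST['notice'] ) ) : '';
    update_option( 'example_dismissed_' . $notice, 1 );
    wp_send_json_success();
}

// After: authorization, CSRF protection and input allow-listing before the write.
add_action( 'wp_ajax_example_dismiss_checked', 'example_dismiss_checked' );
function example_dismiss_checked() {
    // Authorization: only users who may manage site options can dismiss.
    // wp_send_json_error() sends the response and terminates the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // CSRF: expects a nonce created with wp_create_nonce( 'example_dismiss' )
    // in the 'nonce' request field; dies with a 403 response if it is invalid.
    check_ajax_referer( 'example_dismiss', 'nonce' );

    // Allow-list: the request cannot name arbitrary option keys.
    $allowed = array( 'update_available', 'welcome' );
    $notice  = isset( $_POST['notice'] ) ? sanitize_key( wp_unslash( $_POST['notice'] ) ) : '';
    if ( ! in_array( $notice, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown notice' ), 400 );
    }

    update_option( 'example_dismissed_' . $notice, 1 );
    wp_send_json_success();
}
```

When reading a diff between two plugin versions for this kind of fix, the thing to look for is a `current_user_can()` call at the top of each handler registered on a `wp_ajax_` hook.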