wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Version range for vuln 8482 #937

Closed rastating closed 8 years ago

rastating commented 8 years ago

The disclosure from Templatic on this one appears to have a typo potentially (I am currently contacting them to make them aware of this too). The latest version of the plugin (2.3.0) fixes the issue, however, they stated that version 2.1.8 and earlier is the vulnerable range, but it should be any version prior to 2.3.0 (I think).

I have been doing some testing on version 2.2.7 of the plugin and can confirm that 2.2.7 is definitely exploitable and suffering from the same vulnerability.

ethicalhack3r commented 8 years ago

Thanks for the info! Updated the vuln title to reflect your info - https://wpvulndb.com/vulnerabilities/8482

If you get a reply please let us know :)

rastating commented 8 years ago

@ethicalhack3r you're welcome!

I got a reply, which is:

Should be (2.1.8 for non-directory themes) For rest, 2.3.1 is the latest version. Sorry for the confusion.

It sounds like there are themes that come pre-packaged with it, which use 2.1.8 or below, but the plugin can be installed independently, which has versions higher available. So, it would appear everything pre 2.3.0 is vulnerable and 2.3.1 is the current latest release (but was fixed in 2.3.0).

Hope that helps!
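The point of the thread is that a vulnerability record needs the right version bound: "2.1.8 and earlier" misses 2.2.7, while "fixed in 2.3.0" catches every release before the fix. The following Ruby is an added example, not WPScan's or WPVulnDB's own code; the `Vuln` record layout, its field names and the helper functions are assumptions made for illustration. It uses `Gem::Version` so that numeric segments compare correctly (a plain string comparison would put "2.10.0" before "2.9.0").

```ruby
# Added example (not WPScan code): how a vulnerability entry's version range
# decides whether a detected plugin version is flagged, contrasting the
# vendor's stated range with the corrected one from this thread.
require 'rubygems' # Gem::Version is part of RubyGems, loaded by default

# Hypothetical record: either an inclusive upper bound on the vulnerable
# range (vulnerable_through) or an exclusive fixed_in version is recorded.
Vuln = Struct.new(:id, :title, :fixed_in, :vulnerable_through, keyword_init: true)

# Vendor's original statement: version 2.1.8 and earlier are affected.
VENDOR_RANGE = Vuln.new(id: 8482, title: 'vendor advisory range',
                        vulnerable_through: '2.1.8')
# Corrected range from the discussion: every version before 2.3.0.
CORRECTED_RANGE = Vuln.new(id: 8482, title: 'fixed in 2.3.0',
                           fixed_in: '2.3.0')

# Returns true when +installed+ falls inside the record's vulnerable range.
# Raises ArgumentError on a malformed version string rather than guessing.
def vulnerable?(installed, vuln)
  raise ArgumentError, "bad version #{installed.inspect}" unless Gem::Version.correct?(installed)
  v = Gem::Version.new(installed)
  if vuln.fixed_in
    v < Gem::Version.new(vuln.fixed_in)          # exclusive: the fix itself is safe
  else
    v <= Gem::Version.new(vuln.vulnerable_through) # inclusive upper bound
  end
end

# Versions the corrected range flags but the vendor's stated range does not,
# i.e. the installs a scanner would silently miss with the wrong bound.
def missed_by_vendor_range(versions)
  versions.select do |ver|
    vulnerable?(ver, CORRECTED_RANGE) && !vulnerable?(ver, VENDOR_RANGE)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample of detected plugin versions.
  detected = %w[2.1.8 2.2.0 2.2.7 2.3.0 2.3.1]
  detected.each do |ver|
    puts format('%-6s vendor=%-5s corrected=%s', ver,
                vulnerable?(ver, VENDOR_RANGE), vulnerable?(ver, CORRECTED_RANGE))
  end
  puts "missed by vendor range: #{missed_by_vendor_range(detected).join(', ')}"
end
```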

ethicalhack3r commented 8 years ago

Helps a lot thanks! :)

So is 2.2.7 the last of the 2.2.x branch? So the current title is correct (https://wpvulndb.com/vulnerabilities/8482)?

rastating commented 8 years ago

2.2.7 is the latest version I have been able to locate so far; it is possible there were some more in the 2.2.x range, though.

ethicalhack3r commented 8 years ago

Cool, thanks again Rob, I'll leave it as it is until any further info comes to light.