Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#55982 closed defect (bug) (invalid)

Advanced Contact form 7 DB - Plugin Security Check

Reported by: vsourz1td's profile vsourz1td Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

Hello Support

From the last few days we are getting the security warning "Cross-Site Scripting (XSS)" on our plugin Advanced Contact form 7 DB (https://wordpress.org/plugins/advanced-cf7-db/)

However we have scanned this plugin code and didn't find any issue on our code, can you guys please test the code of our plugin and provide us the vulnerability details.

Thanks.

Change History (4)

#1 @anonymized_17160716
2 years ago

Hello @vsourz1td,

On March 1, I tried to contact you to provide all the necessary data regarding the discovered vulnerability. In return I received only an autoresponder message, and that's it, no more updates from your side.

On May 25 all the information about this issue was emailed to the WordPress Plugins team.

#2 @fierevere
2 years ago

  • Resolution set to invalid
  • Severity changed from critical to normal
  • Status changed from new to closed

Hello

This trac is for WordPress core, it does not cover 3rd party plugins and themes.

For any issues please contact theme or plugin authors using their available contacts or use their plugin support forum section.

#3 @fierevere
2 years ago

If you are plugin author, then please use plugins@… to reach plugin review team or use Slack #pluginreview channel

https://make.wordpress.org/chat/

#4 @desrosj
2 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.