Content Timeline SECURITY VULNERABILITY

Status: Closed
ID: 30545
Priority: High
Type: Content Timeline WP
davidsteindesign Client

I received the following email from my web host, WPEngine, and would like to know how you are planning to address the vulnerability and what can I do to receive a refund if it’s not fixed?

Hello,
At WP Engine we take security very seriously and make every effort to keep our customers aware of any potential issues. We are reaching out to you today because we identified your site(s), (name of site), are utilizing a vulnerable version of the Content Timeline plugin. 

A serious vulnerability has been discovered that exposes an install’s database to remote and unauthenticated queries. The developer of this plugin has not responded to vulnerability disclosures for two weeks now and because of this, we advise deleting the plugin.

Please make sure to run a backup of your database first.

If you have any questions about deleting your plugin or performing a backup please feel free to reach out to our Support team at any time!
-WP Engine Security Team

Replies

User Description Posted On
Shindiri Support team Administrator

Hi,

Thank you for notifying us, security of our products is one of our main priorities.

We are in conversation with the person who has found the issue, and are working on solving the issue ASAP.

Please be aware that we also contacted WP Engine so we can be in touch with their security team to handle this to our best knowledge.

You will get prompted when a new update is live, so you can immediately do an upgrade.

Thank you for your faith in our product and we apologize if this situation causes you any inconvenience.

Best regards,
Shindiri Studio Support Team

Shindiri Support team Administrator

Hello,

The security flaw is solved; you can update the plugin to the latest version that is now available.

Thank you for using our products and rest assured that we will always address any security issues with highest priority.

Best regards,
Shindiri Studio Support Team

This ticket is closed.