Vulnerability (Reflected Cross-Site Scripting) and closed in WP store | WordPress.org

Resolved Andrew M
(@andrewlmacaulay)

7 months ago

Just been notified for the following vulnerability Loggedin – Limit Active Logins <= 1.3.1 – Reflected Cross-Site Scripting (wordfence.com) and see that the plugin Loggedin – Limit Active Logins – WordPress plugin | WordPress.org is currently shown as “This plugin has been closed as of September 30, 2024 and is not available for download. This closure is temporary, pending a full review.”

Hoping you will be able to resolve the vulnerability and get it back in the WP “store” soon.

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Joel James
(@joelcj91)

7 months ago

Hey @andrewlmacaulay

Thank you for the heads up. Yes I am aware and pushed the suggested fixes. Waiting for plugin’s team response now.

Thread Starter Andrew M
(@andrewlmacaulay)

7 months ago

Thank you.

Hopefully the plugin team will turn it around quickly 🙂

Manni02
(@manni02)

7 months ago

First of all, thanks for the plugin, it’s great 🙂

Any update about this? In the report, it is said: “This is only exploitable when the leave a review notice is present.” What does that mean? I don’t see any option about leaving a review in the settings, so in which situation is the vulnerability exploitable, and is there a way to make sure it doesn’t happen before the updated version is released?

Thanks!

Plugin Author Joel James
(@joelcj91)

7 months ago

@manni02 I have pushed the fixes and still waiting for wp.org plugins team’s response.

To my understanding, this is not a very critical vulnerability, so you don’t have to worry 🙂

Manni02
(@manni02)

7 months ago

Thanks for the update Joel. Yes, it doesn’t sound critical, so I’m not worrying 🙂

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Vulnerability (Reflected Cross-Site Scripting) and closed in WP store’ is closed to new replies.

In: Plugins
7 replies
3 participants
Last reply from: Manni02
Last activity: 7 months ago
Status: resolved