Reply To: WPForms Plugin Patches Vulnerability Affecting Stripe Payments and Subscriptions

The changelog for version 1.9.2.2 is missing any mention that there was a security vulnerability fixed. That is a reoccurring issue with Awesome Motive.

One reason why it is important to disclose security fixes in the changelog is so that others vet the changes to make sure they are complete. That clearly wasn’t done by Awesome Motive or Wordfence, as a quick check of the plugin shows it is still missing capability checks on other AJAX-accessible functions.

Making this all worse is that the Security Reviewer on the Plugin Review Team is an Awesome Motive employee.

It would be great if you followed up with Awesome Motive and Wordfence on why they didn’t make sure the issue was fully addressed and how they are going to improve to avoid that happening again.
