google advt get rejected on vulnerable plugin

This topic contains 2 replies, has 2 voices, and was last updated by Keymaster 1 year, 4 months ago.

  • #29345

    Participant

    While running Google advt. on our website, it gets rejected due to a vulnerable plugin. I checked on wpsec.com and it shows Ajax pro Plugin Potentially Vulnerable.

    It shows this message: Ajax Search Pro <= 3.5 – Cross-Site Request Forgery (CSRF) Add User fixed in 4.0

    But I am using 4.19.3, the latest version. Still, I am facing the Google advt. issue.

    It's a paid plugin, and because of that I couldn't run Google advt. There are a lot of other plugins but no issues.

    My client is really frustrated with this situation.

    Hereby attaching the WP plugin list to show I am using the latest version, and another screenshot to show the error that Ajax Pro has a vulnerability on check.

    #29349

    Hi,

    That is a very old issue, and it was properly resolved years ago. There is nothing more we can or should do about it. The issue was presented to us by a security company, then registered as it should be, and released after an update was already released.
    It looks like wpsec uses an outdated database, or has not marked this issue as resolved correctly. If you check the wpvulndb (their source), it is marked as resolved as well: https://wpvulndb.com/vulnerabilities/7859
    You can present this URL as the proof of concept and resolution.

    Best,
    Ernest Marcinko

    If you like my products, don't forget to rate them on codecanyon :)


    #29350

    + addition. You can try uploading a readme.txt file in the root folder of ajax search pro on the server: wp-content/plugins/ajax-search-pro/
    I attached the readme.txt file to this post. It may help the wpsec crawler to get the correct plugin version, and report the correct results.
    If you cannot see the attachment, the file is also available here: https://gist.github.com/anag0/2a82a4288e6cc2dcb4b5ea3b24e97a09

    Best,
    Ernest Marcinko

    If you like my products, don't forget to rate them on codecanyon :)
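
The version check a crawler could make from that readme.txt, as an added example (not code from this thread, the plugin, or wpsec). It assumes the file carries a standard WordPress `Stable tag:` header; the sample readme and the function names are constructed for illustration.

```python
import re

# Constructed sample of a WordPress-style plugin readme.txt header.
# Assumption: the real file has a "Stable tag:" line, as the standard
# WordPress readme format does.
SAMPLE_README = """\
=== Ajax Search Pro ===
Requires at least: 4.9
Tested up to: 5.5
Stable tag: 4.19.3

== Description ==
Live search plugin.
"""

# Advisory exactly as quoted in the thread: affected <= 3.5, fixed in 4.0.
ADVISORY = {"affected_max": "3.5", "fixed_in": "4.0"}


def parse_version(text, width=4):
    """'4.19.3' -> (4, 19, 3, 0): numeric and zero-padded, so that
    4.19.3 > 4.2 and '4' == '4.0' (a plain string compare gets both wrong)."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple(parts + [0] * (width - len(parts)))


def stable_tag(readme):
    """Return the numeric 'Stable tag' value from a readme body, or None."""
    m = re.search(r"^\s*Stable tag:\s*([0-9][0-9.]*)\s*$", readme, re.I | re.M)
    return m.group(1) if m else None


def assess(readme, advisory=ADVISORY):
    """Classify an install from its readme, as a version-based scanner would."""
    tag = stable_tag(readme)
    if tag is None:
        # No version evidence: the scanner can only say "potentially vulnerable".
        return "unknown"
    if parse_version(tag) >= parse_version(advisory["fixed_in"]):
        return "fixed"
    return "vulnerable"


if __name__ == "__main__":
    print(stable_tag(SAMPLE_README), assess(SAMPLE_README))
```

When `assess` returns "unknown", the scanner has no version to compare against the advisory, which matches the "Potentially Vulnerable" wording reported in the first post.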

