- This topic has 2 replies, 2 voices, and was last updated 5 years, 8 months ago by
.
-
Posts
-
while running google advt. on our website, it get rejected due to vulnerable plugin. i checked on wpsec.com it shows Ajax pro
Plugin Potentially Vulnerable.it shows this message : Ajax Search Pro <= 3.5 – Cross-Site Request Forgery (CSRF) Add User fixed in 4.0
but i am using 4.19.3 the latest version. But still i am facing google advt. issue
its a paid plugin and because of that i couldn’t run google advt. There are lot of other plugins but no issues.
My client is really frustrated with this situation
hereby attaching the wp plugin list to show i am using the latest version and other screenshot to show the error that ajax pro have vulnerability on check.
Hi,
That is a very old issue, and had been properly resolved years ago. There is nothing more we can or should do about it. The issue was presented to us by security company, then registered as it should, and released after an update was already released.
It looks like wpsec uses an outdated database, or have not marked this issue as resolved correctly. If you check the wpvulndb (their source), it is marked as resolved as well: https://wpvulndb.com/vulnerabilities/7859
You can present this URL for the proof of concept and resolution.+ addition. You can try uploading a readme.txt file in the root folder of ajax search pro on the server: wp-content/plugins/ajax-search-pro/
I attached the readme.txt file to this post. It may help the wpsec crawler to get the correct plugin version, and report the correct results.
If you cannot see the attachment, the file is also available here: https://gist.github.com/anag0/2a82a4288e6cc2dcb4b5ea3b24e97a09
- You must be logged in to reply to this topic.