Finally, the vulnerabilities were added to the Patchstack vulnerability database today, leading to the public release of the security advisory. On October 25, the vendor released version 5.7.0.1 of the LiteSpeed Cache plugin to address the reported issues. The vulnerability was first discovered on October 17, 2023, prompting communication with the plugin vendor and the deployment of a vPatch rule to protect users. The vendor has also implemented a permission check on the affected function to limit access to privileged users. Despite the patch, the incident underscores the importance of proactive security measures in the development and maintenance of WordPress plugins, as vulnerabilities can have far-reaching consequences for website owners and users. Additionally, developers are encouraged to implement proper input sanitization and output escaping in their code, particularly for data displayed in admin notices. To mitigate the risk, users are advised to update their LiteSpeed Cache plugin to the latest version. Specifically, the vulnerability resides in the update_cdn_status function, triggered by the cdn_status REST API endpoint, allowing unauthenticated users to exploit the flaw. The issue was addressed in version 5.7.0.1 of the plugin, which was assigned CVE-2023-40000. The flaw, discovered by the Patchstack team, stems from a lack of input sanitization and output escaping in the plugin’s code, combined with improper access control on one of its REST API endpoints. This could potentially allow unauthorized access to sensitive information or privilege escalation on affected WordPress sites via a single HTTP request. The vulnerability affects the LiteSpeed Cache plugin, which boasts over 4 million active installations, and presents a risk of unauthenticated site-wide stored XSS (cross-site scripting).
But still the edits are not visible in jAlbum. Cybersecurity researchers have discovered a significant vulnerability in the LiteSpeed Cache plugin for WordPress. If I first select 'Mark to Republish' and next do a Publish, the images disappear from the "To be published" section. The plugin has received negative reviews for being abandoned deservedly, and even WordPress warned us they will close the plugin if we fail to update it. It was really frustrating I’ve spent so much time on developing a deprecated piece of software. They stay in that section if I do a Publish action. Nevertheless I finally failed turning the plugin Gutenberg-compatible. And even if they are placed in that section. But why should somebody who tries to help you report fake issues? Anyhow I can tell you that my images are not always positioned in the "To be published" section after an edit. I said there that I did test it on a Windows 10 system with Lightroom version 6.14. All other issues I found, from which you did correct 2 issues, are found on the same system, so maybe these are no issues on your systems or you did not test it. I did report this issue already in my first message in this thread, which you did delete. I do understand that, but if you can't test on the same type of system I use, that does not automatically mean that the reported issue does not exist. For the same reason I dislike changing my old Photoshop, etc etc I am still using the Creative Suites which I purchased ages ago. But it's very hard for me to debug problems that don't manifest here. How can I use the album I have created in that latest version of LR with my old software. I am too afraid that after maybe 10 years or so I will decide I do not use LR CC enough and want to stop paying. If, on the other hand, we misunderstand each other and I need a CreativeCloud version of LightRoom, then I am out. So if it works on my version of LightRoom I will be trying it out. Therefore I like the idea of your plug-in.
I admit that the first site is updated faster as it is less hassle. Creating the website by jAlbum and upload to my site 2 with WS_FTP from Ipswitch. Opening jAlbum and creating a new version of the website, photos are added automatically. Export from LightRoom to a jAlbum Folder. Directly from LightRoom by Juicebox Plug-in through FTP to site 1. I have been using it with a plug-in from Juicebox until I decided I need a change. I find it hard to believe they still invest in it, I did not receive any update since 2017. I understand LR Classic to be the licensed version which was paid once (perpetual) and does not ask for regular payments anymore.