Vulnerable?

Last updated on by Upface tech-admin

This topic has 1 reply, 2 voices, and was last updated 8 months, 3 weeks ago by Anshuman Sahu.

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
August 11, 2023 at 5:15 am #388630

Upface tech-admin
Participant

Hello.

You wrote about 3.9.9 version

But:

https://patchstack.com/database/vulnerability/wplms/wordpress-wplms-theme-4-600-cross-site-request-forgery-csrf-vulnerability here is about <4.9.0

What is the real vulnerable version?

I have 4.901, should I do anything?

August 11, 2023 at 8:35 pm #388662
Anshuman Sahu
Keymaster
hi as the link said this has been fixed in 4.9 . to fix it in 3.9.9 please add this line at the top of the import_data function :
```
if(!current_user_can('manage_options') || (!empty($_POST['security']) || !wp_verify_nonce($_POST['security'],'security')))
```
```
  			die();
```
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.