Wordfence vulnerability

Resolved voltima
(@voltima)

1 year, 2 months ago

Are you planning on fixing this vulnerability in version 1.3.1?

The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the ‘state’ parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Prince
(@princeahmed)

1 year, 2 months ago

Hi voltima,
We are working on it and will release an update very soon by fixing the issue.

Plugin Author Prince
(@princeahmed)

1 year, 2 months ago

Hi voltima,
We have fixed the issue and released a new update – v1.3.2.
Please update your plugin to the latest version.

BlackBoXz
(@blackboxz)

1 year, 2 months ago

Hello,

Still vulnerable to Open Redirect in all versions up to, and including, 1.3.3. This is due to insufficient validation on the redirect url supplied via the ‘state’ parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Integrate Google Drive <= 1.3.3 – Open Redirect via state

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/integrate-google-drive/integrate-google-drive-131-open-redirect-via-state
Thread Starter voltima
(@voltima)

1 year, 2 months ago
Still showing this plugin as having a vulnerability via WP and Wordfence.
- Plugin Name: Integrate Google Drive
- Current Plugin Version: 1.3.3
- Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Integrate Google Drive” until a patched version is available. Get more information.(opens in new tab)
- Repository URL: https://wordpress.org/plugins/integrate-google-drive(opens in new tab)
- Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/bccceb2d-2087-4ee6-8118-eb3fb53654dc?source=plugin(opens in new tab)
- Vulnerability Severity: 4.7/10.0 (Medium)
searchngp
(@searchngp)

1 year ago

Has this been addressed?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Wordfence vulnerability’ is closed to new replies.