WP Engine Hosting is reporting that WPML main plugin version 4.6.3 has an XSS vulnerability. I couldn't find anything on WPScan and WP Engine doesn't list their source. So I just thought I would ask you all about it.
We received a similar report in another ticket today, and it was also from WPEngine.
WPML 4.6.3 has been out for some time, and we haven't received any security reports.
We need to look deeper into this and pass it on to our developers.
I would like to request temporary access (wp-admin and FTP) to your site to take a better look at the issue.
You will find the needed fields below the comment area when you log in to leave your next reply. The information you will enter is private, meaning only you and I can see and access it.
Maybe I'll need to replicate your site locally. For this, I’ll need to temporarily install a plugin called “Duplicator” or “All in One WP Migration” on your site. This will allow me to create a copy of your site and your content. Once the problem is resolved, I will delete the local site. Let me know if this is OK with you.
IMPORTANT
- Please back up site files and database before providing us access.
- If you do not see the wp-admin/FTP fields, your post & website login details will be made PUBLIC. DO NOT post your website details unless you see the required wp-admin/FTP fields. If you do not, please ask me to enable the private box.
The private box looks like this: hidden link
Looking forward to hearing back from you.
The topic ‘[Closed] WPEngine reporting xss security risk for WPML 4.6.3’ is closed to new replies.