
Viewing 3 posts - 1 through 3 (of 3 total)
  • #83687
    info223
    Participant

    Good day,
    I wanted to reach out to you about a security vulnerability uncovered for the Store Locator Plus plugin:

    This could allow a malicious actor to view sensitive information that is normally not available to regular users. This can be used to exploit other weaknesses in the system.

    Currently, there is no official fix available.

    Is this on your team’s radar? And do you have an expected timeline on when a patch will be released to resolve this?

    #83690
    Cici
    Keymaster

    This is not a vulnerability. The developer is aware of this as identified by the poster,

    when the locations in your dataset are marked private you can still find the URL.

    We do not see this as sensitive or a vulnerability considering the type of use the plug-in is intended for. Just delete any locations you don’t want to be shown instead of marking them as private.

    Please list any other issues you have found or specific info reported if it turns out that’s not the “sensitive data” they are referring to.

    The plug-in is not intended for sensitive data use. It is intended for the ability to find locations for your customers’ queries.

     

    #83691
    Cici
    Keymaster

    P.S. If you go to the site reporting this you will see this:

    “Solutions

    This security issue has a low severity impact and is unlikely to be exploited.”
