Shawn Hesketh
asked 2 weeks ago

For the past several versions, iThemes Security Pro’s Site Scan utility has alerted me to two known vulnerabilities in DW Question & Answer Pro.
DW Question & Answer Pro <= 1.3.4 – Arbitrary Comment Edition via IDOR
DW Question & Answer Pro <= 1.3.4 – Multiple CSRF
I first reported these issues 11 months ago on the WordPress.org plugin repo, with no response. 
When will these security vulnerabilities be addressed?

1 Answer
Dominic Staff
answered 2 weeks ago

With the Pro version, we have fixed these issues. We have tested, and you can watch the following videos.

https://www.dropbox.com/home?preview=Test-CSRF-Comment-form.mp4
https://www.dropbox.com/home?preview=Arbitrary-Comment-Edition-via-IDOR.mp4

Dominic Staff
replied 2 weeks ago

As for the Free version, we are checking and updating the issues.
