For the past several versions, iThemes Security Pro’s Site Scan utility has alerted me to two known vulnerabilities in DW Question & Answer Pro.
DW Question & Answer Pro <= 1.3.4 – Arbitrary Comment Edition via IDOR
DW Question & Answer Pro <= 1.3.4 – Multiple CSRF
I first reported these issues 11 months ago on the WordPress.org plugin repo, with no response.
When will these security vulnerabilities be addressed?
With the Pro version, we have fixed these issues. We have tested, and you can watch the following videos.
https://www.dropbox.com/home?preview=Test-CSRF-Comment-form.mp4
https://www.dropbox.com/home?preview=Arbitrary-Comment-Edition-via-IDOR.mp4
As for the Free version, we are checking and updating the issues.