Postman plugin
2/18/2023

Postman SMTP Plugin With Unpatched Vulnerability Removed From Directory

We have received a number of questions regarding the Postman SMTP plugin which was removed from the directory this week. According to an archived snapshot, the plugin is installed on over 100,000 websites. We assume it was removed because it contains a publicly known reflected cross-site scripting (XSS) vulnerability that has not been fixed. Both Wordfence Free and Premium users who have the firewall enabled have been protected against attempts to exploit this vulnerability from day one. In addition, we alerted all Wordfence users who have the plugin installed when it was removed from the plugin directory.

On June 29, an unnamed security researcher published the details of the vulnerability, including a proof of concept. A proof of concept is a demonstration that shows the plugin author (and in this case the entire internet, including potential attackers) how to exploit the security vulnerability. The security researcher had apparently attempted to reach the author but had been unable to.

On October 4 (we think, as we have no way of confirming the exact date), the directory team removed the plugin.

Also on October 4, someone named Diego (no last name given) reported in comments on the original vulnerability disclosure post that he had reached the author, so hopefully a fix will be released soon.

Wordfence Firewall Includes Robust XSS Protection

The Wordfence firewall includes protection against new and emerging XSS attacks. Both Wordfence free and Premium users have been protected against this attack since (and before) it was made public. This is a great example of why using a firewall to protect your website is so important: you are immediately protected against most new threats. In cases where we don’t already protect against a new threat, we develop a new firewall rule, deploying it to our Premium customers in real-time and free customers 30 days later. This ‘virtual patching’ by our security analysts and developers keeps your sites safe.

Wordfence Alerts You When Plugins Are Removed From

When plugins you have installed on your site are removed from, Wordfence alerts you. There is a long list of reasons why the plugin team at might remove a plugin from the directory. One common reason is that someone has discovered a security vulnerability that has not yet been fixed. Since they don’t publicly announce that plugins have been removed, nor why, it is prudent for site owners to treat the plugin as a potential security risk and take reasonable precautions. We wrote at length about how to handle this situation when we released this feature back in June as a part of the 6.3.11 release.

If you have the Postman SMTP plugin installed on your site, we suggest that you remove it immediately. It contains an unpatched security vulnerability and it appears the author may have abandoned it.

If you haven’t already, we suggest that you install Wordfence on all of your WordPress websites. It will alert you when your plugins have been abandoned or removed from the WordPress directory. Its firewall will also protect you against new and emerging attacks.

Finally, consider upgrading to Wordfence Premium if you haven’t already. The real-time firewall rule updates will protect you from the latest threats.