Patchstack warning concerning 2.5.4 | WordPress.org

Resolved nealumphred
(@nealumphred)

1 month, 3 weeks ago

I just received a notice from Patchstack concerning Custom Login Page Customizer 2.5.4:

“High priority Unauthenticated Arbitrary Password Reset vulnerability found in version(s) < 2.5.4.”

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Support Abdul Wahab
(@abdulwahab610)

1 month, 3 weeks ago

Hey, @nealumphred

Yeah, this issue persisted in the < 2.5.4 version; however, it’s fixed in v2.5.4, and Patchstack approved. Have a look https://patchstack.com/database/wordpress/plugin/login-customizer/vulnerability/wordpress-custom-login-page-customizer-plugin-2-5-4-unauthenticated-arbitrary-password-reset-vulnerability

Thank you.

Thread Starter nealumphred
(@nealumphred)

1 month, 3 weeks ago

ABDUL

I saw the less-than symbol (<) and it simply did not register with me.

Now I can reactivate version 2.5.4 on my blogs!

Thanks.

NEAL

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

3 replies
2 participants
Last reply from: nealumphred
Last activity: 1 month, 3 weeks ago
Status: resolved