Temporary patching broken access control vulnerability | WordPress.org

Resolved hastibe
(@hastibe)

1 month ago

If one can’t yet fully update to the latest plugin version, can the broken access control vulnerability patched in the latest version (2.4.1) be manually fixed by pasting in the extra lines (147-151) here added to class-wp-job-manager-ajax.php as a temporary step until updating to the latest plugin version is possible?

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support Jay
(@bluejay77)

4 weeks, 1 day ago

Hi @hastibe,

Just so we’re on the same page, would you share why one wouldn’t be able to fully update to the latest plugin version?

Thread Starter hastibe
(@hastibe)

4 weeks ago

@bluejay77 — in short, because of other customization. This is a timely, security-related issue, though, and could you please help me with my question?
Plugin Author Donncha O Caoimh (a11n)
(@donncha)

3 weeks, 4 days ago
You’ll need the changes from two PRs to be covered. If you don’t have password-protected jobs you can skip 2913 for now. You can skip the changes to the tests too of course.
- https://github.com/Automattic/WP-Job-Manager/pull/2913/changes
- https://github.com/Automattic/WP-Job-Manager/pull/2914/changes
Thread Starter hastibe
(@hastibe)

3 weeks, 3 days ago

Thanks, @donncha! Appreciate your assistance.

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

4 replies
3 participants
Last reply from: hastibe
Last activity: 3 weeks, 3 days ago
Status: resolved