• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

More details re: bulk uploader fix?

dashifen

New member
Messages
2
Likes
0
Points
1
#1
Hello,

Temyk indicated that I should come by the forums for more information related to what happened with the 301 bulk uploader plugin and how it was fixed. I did find Unauthenticated option changes in WordPress Simple 301 Redirects Addon Bulk Uploader plugin. online which has a summary of the problem. Is it accurate and, if so, what was done to correct the problem.

Meanwhile, I'll update to 1.2.5. Thank you so much for such a rapid fix to the problem and for being willing to share some details here.

Cheers,
Dash
 

Temyk

Support team
Staff member
Messages
315
Likes
20
Points
18
#2
Is it accurate and, if so, what was done to correct the problem.
We have fixed bugs in the code, now outsiders will not be able to access your redirects, but the redirects created by the hacker remained on your site.
Go to the 301 Redirects management page (Settings/301 Redirects) and remove unnecessary redirects!
 

Temyk

Support team
Staff member
Messages
315
Likes
20
Points
18
#5
Hello, @Vikaspandey.

Our plugin is designed to work with redirects, so attackers redirected users to their sites.

Together with the form you need to send nonce and check it when processing the form. And also you need to check the user permissions using the function current_user_can()
 
Messages
8
Likes
0
Points
1
#7
Hello Temyk,
Thanks for prompt response
But without admin privilege how they make redirect
Appreciate your response
Thanks
 

Temyk

Support team
Staff member
Messages
315
Likes
20
Points
18
#8
Therefore, you need to check the privileges of the administrator using the function current_user_can()
 

Temyk

Support team
Staff member
Messages
315
Likes
20
Points
18
#11
In your case, the problem may be different. If you know programming, you can find the problem. I don't know your code, so I can't tell you.
 
Messages
8
Likes
0
Points
1
#12
We are facing the same issue
We have unwanted entries for redirection
When we delete those entries everything goes back
But we just want to know without admin login how this redirect passed
Can you please let us know the example of it
 

Temyk

Support team
Staff member
Messages
315
Likes
20
Points
18
#13
Are you using the 301 redirect plugin and our 301 redirects bulk upload addon?
 

Temyk

Support team
Staff member
Messages
315
Likes
20
Points
18
#15
We fixed the vulnerability in the latest update of 301 redirects bulk upload. Update the plugin and remove all unnecessary redirects
 

Temyk

Support team
Staff member
Messages
315
Likes
20
Points
18
#18
We do not share this information about vulnerabilities. Just update the plugin.