Race Condition vulnerability discovered

WPS Limit Login · support · 2023-07-30T14:16:00+00:00

Conversation

support
webartist00 unresolved
Hi there, I am using your plugin on several sites. Unfortunately now I get messages that a vulnerability has been discovered.

“WPS Limit Login v1.5.6 Low Race Condition vulnerability discovered by konagash (Patchstack Alliance) in WordPress Plugin WPS Limit Login (versions <= 1.5.6)”

Will that be solved within the next patch? Yes? When will the next update be launched? Thank you very much in advance! Kind regards, Thomas

Comments

15 shown
strettonbull 2023-07-31T15:04:00+00:00

Same applies to me. Following thread.

MaximeWPS 2023-08-02T14:41:00+00:00

Hello, Thanks for using WPS Limit Login. Our dev team is working on a patch. We hope we’ll find a patch and release a new version very soon. If you get a way to solve this vulnerability, we’ll be happy to check it 🙂

webartist00 2023-08-02T19:51:00+00:00

Thanks. Can you please inform me here as soon as the problem is solved. Thank you very much!

shaunek 2023-08-03T18:52:00+00:00

@seinomedia If your developer is struggling to find a fix, perhaps you can share more details on what the race condition is and we in the community can take a closer look. I might be able to spend an hour or two looking at it, but I would like a little more direction on how to reproduce or otherwise get pointed in the right direction before I commit some time.

MaximeWPS 2023-08-04T08:08:00+00:00

Thanks @shaunek A “race condition” happens when multiple processes or threads access shared resources or data simultaneously, and the outcome is dependent on the order in which these processes execute.

strettonbull 2023-08-27T10:21:00+00:00

You’ve released an update, but the same critical vulnerability exists!

webartist00 2023-08-27T12:28:00+00:00

Indeed, the update hasn’t fixed it on my end as well.

MaximeWPS 2023-09-04T08:15:00+00:00

Hello, This issue doesn’t exist anymore since the last release. Can you check it, please?

webartist00 2023-09-04T10:37:00+00:00

Hello Max – already have checked it, sadly the issue still exists in the version 1.5.7.

strettonbull 2023-09-04T12:07:00+00:00

Yes – it’s still there, according to Wordfence.

MaximeWPS 2023-09-05T07:23:00+00:00

Hello, Wordfence database isn’t up to date. This issue has been fixed. The last release has been validated by Patchstack: https://patchstack.com/database

shaunek 2023-09-08T22:09:00+00:00

@seinomedia Thanks for sharing and thanks for resolving for us. As a side note it is kinda weird that the vuln report doesn’t even exist on Patchstack anymore. When I search for “WPS Limit Login” I get 1 result from 2019 but not the vuln discussed in this thread. But I do see that the Wordfence page links to a no-longer-working page on Patchstack ( https://patchstack.com/database/vulnerability/wps-limit-login/wordpress-wps-limit-login-plugin-1-5-6-race-condition-vulnerability ). Odd that the Patchstack page does a redirect and it isn’t searchable any longer.

strettonbull 2023-09-09T14:07:00+00:00

I will re-install once Wordfence says it is safe to do so.

webartist00 2024-01-10T17:24:00+00:00

Hi, sorry for my delayed response! On my end, the vulnerable warning in Wordfence is still appearing. @strettonbull , is it working for you, or is it also still showing in Wordfence? No? What have you done to achieve that? Kind regards.

strettonbull 2024-01-11T10:09:00+00:00

It’s still showing in Wordfence.