[wp-trac] [WordPress Trac] #60649: plupload is extremely outdated, it's used by wp core file, auto update was disabled and found vulnerbility
WordPress Trac
noreply at wordpress.org
Tue Feb 27 20:17:35 UTC 2024
#60649: plupload is extremely outdated, it's used by wp core file, auto update was
disabled and found vulnerbility
--------------------------+------------------------
Reporter: harrisonchen | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Changes (by jorbin):
* status: new => closed
* severity: major => normal
* version: 6.4.3 =>
* milestone: Awaiting Review =>
* keywords: needs-patch =>
* resolution: => duplicate
Comment:
hi @harrisonchen, welcome to WordPress Trac. This is a duplicate of
#48277, but the TL;DR is Plupload has had more recent versions under a
different license, and 2.1.9 is the latest GPL-compatible version.
In addition, if you believe you have found a legitimate security issue, it
is imperative to make security-related reports on
https://hackerone.com/wordpress. Unfortunately, many automated scans are
inaccurate, so please make sure to validate the results before reporting.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60649#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list