Massive Security Hole with File Downloads
Posted: August 11th, 2011, 3:54 pm----
I get a 404 error when I try something like that.
Have you encrypted your website? I'll run some more tests and see if I can replicate the situation.
Community Support Forums
— WordPress® ( Users Helping Users ) —
http://www.primothemes.com/forums/
Massive Security Hole with File Downloads
Page 1 of 1
Posted: August 11th, 2011, 3:54 pmRe: Massive Security Hole with File Downloads
Posted: August 11th, 2011, 7:01 pmRe: Massive Security Hole with File Downloads
Posted: August 11th, 2011, 8:38 pmAce, I sent you a PM. I can confirm what Bluedot has posted.
Re: Massive Security Hole with File Downloads
Posted: August 11th, 2011, 9:37 pmThank you guys. I emailed Jason.
Re: Massive Security Hole with File Downloads
Posted: August 11th, 2011, 10:47 pmThanks for reporting this important security issue.
~ We're investigating this now.
~ We're investigating this now.
Re: Massive Security Hole with File Downloads
Posted: August 11th, 2011, 10:49 pmAwesome! Thanks Jason.
Re: Massive Security Hole with File Downloads
Posted: August 12th, 2011, 12:27 amThanks for the heads up on this thread Cristián.
This major security issue has been resolved in the release of s2Member v110812.
Please see this update for details: viewtopic.php?f=46&t=14419
s2Member® v110812 Security Release ( now available! )
http://wordpress.org/extend/plugins/s2member/
IMPORTANT: This release addresses an important security vulnerability in previous releases of the s2Member Framework ( i.e. the free version of s2Member ). Sites with Download Options configured for s2Member should be advised to update to s2Member v110812+ as soon as possible to avoid possible exploits. Changelog is located here: http://wordpress.org/extend/plugins/s2member/changelog/
This major security issue has been resolved in the release of s2Member v110812.
Please see this update for details: viewtopic.php?f=46&t=14419
s2Member® v110812 Security Release ( now available! )
http://wordpress.org/extend/plugins/s2member/
IMPORTANT: This release addresses an important security vulnerability in previous releases of the s2Member Framework ( i.e. the free version of s2Member ). Sites with Download Options configured for s2Member should be advised to update to s2Member v110812+ as soon as possible to avoid possible exploits. Changelog is located here: http://wordpress.org/extend/plugins/s2member/changelog/
Re: Massive Security Hole with File Downloads
Posted: August 12th, 2011, 12:41 amJust installed, appears to have fixed it!
Big thanks for the quick turn around on this!
Big thanks for the quick turn around on this!
Re: Massive Security Hole with File Downloads
Posted: August 12th, 2011, 12:43 amThanks for the follow-up.
Very welcome. Thank you VERY much for reporting this!
bluedot wrote:Just installed, appears to have fixed it!
Big thanks for the quick turn around on this!
Very welcome. Thank you VERY much for reporting this!