PriMoThemes — now s2Member® (official notice)

This is now a very OLD forum system. It's in READ-ONLY mode.
All community interaction now occurs at WP Sharks™. See: new forums @ WP Sharks™

Massive Security Hole with File Downloads


Post by bluedot » August 11th, 2011, 3:54 pm

----
Last edited by Jason Caldwell on August 12th, 2011, 12:31 am, edited 3 times in total.
Reason: Edited for security.
bluedot
Registered User
Posts: 2
Joined: August 11, 2011

Re: Massive Security Hole with File Downloads

Post by Bruce C » August 11th, 2011, 7:01 pm

I get a 404 error when I try something like that.

Have you encrypted your website? I'll run some more tests and see if I can replicate the situation.
~Bruce ( a.k.a. Ace )

Bruce C
Experienced User
Posts: 337
Joined: July 20, 2011

Re: Massive Security Hole with File Downloads

Post by Ciderhelm » August 11th, 2011, 8:38 pm

Ace, I sent you a PM. I can confirm what Bluedot has posted.
Ciderhelm
Registered User
Posts: 1
Joined: August 11, 2011

Re: Massive Security Hole with File Downloads

Post by Cristián Lávaque » August 11th, 2011, 9:37 pm

Thank you guys. I emailed Jason.
Cristián Lávaque http://s2member.net
Cristián Lávaque
Developer
Posts: 6836
Joined: December 22, 2010

Re: Massive Security Hole with File Downloads

Post by Jason Caldwell » August 11th, 2011, 10:47 pm

Thanks for reporting this important security issue.
~ We're investigating this now.
~ Jason Caldwell / Lead Developer
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/

Jason Caldwell
Lead Developer
Posts: 4045
Joined: May 3, 2010
Location: Georgia / USA

Re: Massive Security Hole with File Downloads

Post by Cristián Lávaque » August 11th, 2011, 10:49 pm

Awesome! Thanks Jason.
Cristián Lávaque http://s2member.net

Re: Massive Security Hole with File Downloads

Post by Jason Caldwell » August 12th, 2011, 12:27 am

Thanks for the heads up on this thread Cristián.

This major security issue has been resolved in the release of s2Member v110812.
Please see this update for details: viewtopic.php?f=46&t=14419

s2Member® v110812 Security Release ( now available! )
http://wordpress.org/extend/plugins/s2member/

IMPORTANT: This release addresses an important security vulnerability in previous releases of the s2Member Framework ( i.e. the free version of s2Member ). Sites with Download Options configured for s2Member should be advised to update to s2Member v110812+ as soon as possible to avoid possible exploits. Changelog is located here: http://wordpress.org/extend/plugins/s2member/changelog/
~ Jason Caldwell / Lead Developer
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/


Re: Massive Security Hole with File Downloads

Post by bluedot » August 12th, 2011, 12:41 am

Just installed, appears to have fixed it!

Big thanks for the quick turn around on this!

Re: Massive Security Hole with File Downloads

Post by Jason Caldwell » August 12th, 2011, 12:43 am

Thanks for the follow-up.
bluedot wrote: "Just installed, appears to have fixed it! Big thanks for the quick turn around on this!"

Very welcome. Thank you VERY much for reporting this!
~ Jason Caldwell / Lead Developer
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/


