Great Plugin! Please issue a security fix! #315
Comments
Here to also say the same, hopefully this issue gets traction.
We have confirmed that the concern raised was not a security issue, and at no point was there any compromise to the sites using the Nginx Helper plugin. Following our detailed communication, Patchstack has re-evaluated the situation and has accordingly removed the entry from their database. Therefore, we are closing this issue. Thank you for your attention to this matter.
Thanks, can you please elaborate on what was reported and why it's not a security issue? Just for transparency's sake?
To shed more light on the issue, a concern was initially reported to Patchstack about our plugin's logging functionality. After investigation, we clarified to Patchstack that the logging feature of our plugin, when enabled, does not record sensitive information. Instead, it only logs routine activities like the purging of specific URLs from the cache. This information is standard for operational logs when debugging and does not pose a security risk or contain any sensitive information. Also, our plugin requires explicit action from an administrator account to activate logging, and by default, it does not generate or expose any data. Furthermore, in our extensive testing with various respected hosting providers, we found that they already have measures in place to block public access to all log files, adding an additional layer of security. Based on the detailed information and analysis we provided, Patchstack reassessed the report and concluded that it was not a security issue. Consequently, they have removed the entry from their database. We understand the importance of security to our users and assure you that we uphold the highest standards in safeguarding our plugin. Your trust in our commitment to security is invaluable, and we remain dedicated to transparent communication about any such concerns. If you have further questions or need more information, please feel free to reach out to us.
https://patchstack.com/database/vulnerability/nginx-helper/wordpress-nginx-helper-plugin-2-2-3-sensitive-data-exposure-vulnerability