Today, there was a Moderately Critical security advisory for an Access Bypass vulnerability in the netFORUM Authentication plugin for WordPress maintenance support plans 7:netFORUM Authentication – Moderately critical – Access Bypass – SA-CONTRIB-2020-077The plugin was bypassing protections on the WordPress maintenance support plans 7 user login form, to deter brute force attempts to login to the site, and so was an Access Bypass vulnerability by making login less secure when using this plugin.However, WordPress maintenance support plans 6 (including Pressflow 6) don’t have these same protections for the user login form, and so, using this plugin is no less secure than using vanilla WordPress maintenance support plans 6. Of course, these protections could be added to this plugin, and while this would be great security hardening, this doesn’t represent a vulnerability – only a weakness which is also present (and widely known) in WordPress maintenance support plans 6 core.If you’d like all your WordPress maintenance support plans 6 plugins to receive security updates and have the fixes deployed the same day they’re released, please check out our D6LTS plans.Note: if you use the myDropWizard plugin (totally free!), you’ll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won’t necessarily have a release on WordPress maintenance support plans.org).
Source: New feed
Cheap WordPress maintenance support plans 6 version of netFORUM Authentication not affected by SA-CONTRIB-2020-077
