WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability

K

KNEET

New Pleskian
Server operating system version
Cent
Plesk version and microupdate number
Plesk Obsidian v18.0.75_build1800260102.11 os_RedHat el8

WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability discovered by Snicco in WordPress Plugin Breakdance (versions <= 1.7.2)

I keep on getting this vulnerabiltiy detected by WP Toolkit and it seems likt it disables this plugin after scanning/finding it. Resulting it the site going offline.
We have a license for Breakdance and are already on the latest version 2.6.1

After a lot of troubleshooting it seems to be a Plesk issue.

Can anyone help?

Thanks
 
Hello, @KNEET . For the time being, please navigate to Plesk > Subscriptions > example.com > More > Check for updates > Update Settings. Then under "Defined individually, but security updates are autoinstalled", please make sure that "Deactivate vulnerable plugins instead of updating them" is unchecked. I will discuss the matter about the vulnerability mismatch with our team on Monday and follow up with more details.
 
Hi, @KNEET Just wanted to let you know that our team informed the Patchstack team and they are currently attempting to communicate with the extension vendor and further looking into the matter.
 
You must log in or register to reply here.

Similar threads

D
Resolved Fixed vulnerability still showing up in WP-Toolkit
Replies
7
Views
5K
Sebahat.hadzhi
Sebahat.hadzhi
T
Issue WP Toolkit incorrect vulnerability and version reports
Replies
4
Views
4K
TurnRound
T
T
WordPress NextGEN Gallery Plugin <= 0.96 - XSS Vulnerability
Replies
0
Views
2K
Tinpeas
T
D
Resolved problem with alert about a vulnerability in a plugin that's already fixed
Replies
1
Views
3K
Daniel-spain
D
D
Can I stop Plesk creating tickets to Cloudlinux
Replies
11
Views
5K
Deleted member 190352
D
Back
Top