the answer for all question about Oxygen Builder plugin and WordPress

ATTN dplugin users of Scripts Organizer. There is a security issue that allows a


ATTN dplugin users of Scripts Organizer. There is a security issue that allows attackers to modify code.

As of version 2.4.2 of the plugin (the most current version in GitHub), a request to the “admin AJAX” url at /wp-admin/admin-ajax.php?action=saveScript can be ran without authentication and without requiring a security toke (nonce). The code is triggered by the unauthenticated wp_ajax_nopriv_saveScript action, located in plugins/scripts-organizer/admin/feature__scripts-manager-functions.php:add_action( ‘wp_ajax_nopriv_saveScript’, array($this, ‘saveScript_func’) );

A solution has not been released as yet. We don’t know of any ETA on a fix.



Source

Capital Design Set

Whistle Design Set

3 Comments
  1. Marko says

    That is fixed

  2. Marko says

    It’s done but not released in stable that will be by the end of the week

Leave A Reply

Your email address will not be published.

Oxyrealm Docs OxyMade - Oxygen Builder Design Set Mega collection