Multisite Security Flaw in WPFront User Role Editor

Recent events showcase that the team managing WordPress is committed to security.

Plugins are removed from the WordPress.org plugin directory once WordPress is made aware of any security related issues related to a plugin or theme within their directory and have verified their authenticity.

 

WPFront User Role Editor Withdrawn

This is what happened on Jan. 20th, 2019 to the WPFront User Role Editor, which has been temporarily withdrawn from the WordPress.org plugin directory. It was reported and verified to have an exploitable security flaw but only when installed on a WordPress website utilizing Multisite installation.

 

WPFront User Role Editor Patched

The plugin’s author and publisher, Syam Mohan, worked quickly to resolve the security issue(s) with WPFront User Role Editor plugin and has already released a patched version of the software (version 2.14.2) which is available for download from his website.

Now that the WPFront User Role Editor plugin has been submitted to the team at WordPress it must undergo a complete review. If accepted, WPFront User Role Editor will be re-enabled for download from the WordPress.org plugin repository. This process may take anywhere from 5-10 business days or longer dependent upon the plugins review.

If you are running a WordPress website utilizing the Multisite Network feature and have WPFront User Role Editor installed it is recommend that you visit the authors website and implement the latest patched version of the plugin.

 

Conclusion

I welcome your thoughts, questions or suggestions on my article on the Multisite Security Flaw in WPFront User Role Editor WordPress plugin.

You may support my work by sending me a tip using your Brave browser or by sending me a one time donation using your credit card.

Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.