Nov 21, 2022 11:12 am
Hi,
I'am using wpforo in version 1.9.9.1 and the plugin is vulnerable as : https://wpscan.com/vulnerability/d54d5500-e034-4a4b-ab06-af2e84b7554b
Because of some custom code it is impossible to update the plugin for this time.
My question it is possible to disable the upload for subscriber user ? Or do anything that can fix the vuln ?
Thanks for your help
4 Replies
Nov 21, 2022 2:39 pm
Hi @kirua78,
Navigate to Dashboard > wpForo > Settings > Spam Protection, and check Do not allow attaching files with following extensions field
Nov 21, 2022 3:46 pm
Hi Chris,
Thanks for your reply, but i dont have the setting spam protection, i need to install a specific addons ?
Nov 22, 2022 4:41 pm
Perfect, thanks for your help