HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Security Flaw - TapaTalk

If you're site is using TapaTalk, update now! There was a security flaw found in TapaTalk and they decided NOT to inform anyone or advise anyone to update their files.

I did not find out until today, when I just happen to scroll over and found a post about it.

They even publicly admit to patching it silently, but NOT issuing a release or any notice telling people they should replace their files (because they did not even bother changing the version number either). :o

So I can only imagine how many sites are using the other copy without knowing they have a problem. This is completely irresponsible. :#

**Direct Quote:
" ** _ Hi,

This issue has been addressed in April 26th, 9 days before this site published the issue. However, since this is a low risk item - we have simply replaced all the plugins that are affected. If this is concerning you and If you have updated the plugin after April 26th, you are not affected. _ "
:End Quote

Source: https://support.tapatalk.com/threads/tapatalk-cross-site-scripting-vulnerability.24719/

Tagged:
Sign In or Register to comment.