Vulnerabilities

Keeping our products safe is a top priority. While we work hard to ensure security, we know it’s impossible to foresee every scenario. That’s why we encourage our users and the security community to report any security concerns directly to us. We are committed to addressing all vulnerabilities in WP Cloud Plugins promptly and effectively.

Disclosure Policy

Please do not discuss any vulnerabilities (even resolved ones) without express consent.

Submit your report

When you've found a security issue, please submit the report to us via a support ticket. In your ticket, make sure to include:

• The impact of the issue.

• A detailed guide on how to reproduce the issue.

• (optional) A screenrecording demonstrating the issue.

After your submission

We will make a best effort to meet the following response targets for security reports:

• Time to first response (from report submit) – 3 business days

• Time to triage (from report submit) – 7 business days

We’ll keep you informed about our progress throughout the process.

Known vulnerabilities

Share-one-Drive

• Patched in version 1.15.3 - 6 December '21

XSS vulnerability in the search functionality of the plugin. Shout out to Trainer Red for discovering and responsibly disclosing this issue!

Use-your-Drive

• Patched in version 1.18.3 - 6 December '21

XSS vulnerability in the search functionality of the plugin. Shout out to Trainer Red for discovering and responsibly disclosing this issue!

Out-of-the-Box

• Patched in version 1.20.3 - 6 December '21

XSS vulnerability in the search functionality of the plugin. Shout out to Trainer Red for discovering and responsibly disclosing this issue!

CROSS SITE SCRIPTING (XSS) • Patched in version 2.7.2 - 5 December '23

XSS vulnerability in the deprecated deeplink functionality of the plugin.

Lets-Box

• Patched in version 1.13.3 - 6 December '21

XSS vulnerability in the search functionality of the plugin. Shout out to Trainer Red for discovering and responsibly disclosing this issue!