WordPress Oxygen Builder Plugin <= 4.8.2 is vulnerable to Remote Code Execution (RCE)
Closed this issue · 7 comments
Please see here for more information. There's no RCE vulnerability in Oxygen: https://oxygenbuilder.com/oxygen-4-8-2-now-available/.
@KittenCodes you are right about the post you mentioned above, and I fully agree...
But patchstack and others have bigger profile than oxygen, and hostings which are partnered with patchstack, are disabling oxygen plugin entirely, and doesn't allow to build anything or break already built sites,
I suggest better to collaborate then for the good of the oxygen, as I and most of the people are still with oxygen, but currently I'm not going to use oxygen in any premium hosting service which is partnered with patchstack or wordfence or sucuri
I hope a good future of oxygen, and if oxygen team is not listening to this request then it will be dead for sure soon. I know this is harsh words but this is reality
hostings which are partnered with patchstack, are disabling oxygen plugin entirely, and doesn't allow to build anything or break already built sites
Which hosts are disabling Oxygen due to this invalid CVE?
haven't you seen posts in facebook post about that... aah sorry, you couldn't because posta are getting deleted about that and stopped commenting.
I'm as a user can see it, but as a support or developer how you couldn't see that. I'm being with oxygen and stayed with it till now, but you asked a question that is already public, seems a bad impression.
Never I'll go back to custom theme development or use another builder from now.
You can live your dream of over-trusting yourself, I'll do mine.
This is my last interaction with this issue.
I've tagged @Spellhammer you in a faceboon post and it is deleted at the same time, how rude and untrusted reaction...
such a shame.
Please email support@oxygenbuilder.com if you are on a host that is using unvetted, disputed CVEs to deactivate plugins. We want to know about it.
We are using Plesk to host wordpress installations at my university and we got the authomatic patchstack warning through the wordpess toolkit with the severity level 9.9. Normally we would deactivate plugins with this severity level at once, but the affected blogs wouldn't be functioning without oxygen. This is why I opened the issue here. After your explanation I reviewed the settings of these blogs and it's ok for me now. I don't know about other hosters policies on this matter.