We had an independent security person test our site last week and he found a security issue in Simple Renew.
Our developer fixed the issue and we've released a new version of Simple Renew. Please download the latest version of Simple Renew and upgrade to it at your earliest opportunity. Alternatively, you can upgrade from Joomla's update manager.
Please read the below info:
- Project: Simple Renew.
- Severity: Moderate.
- Report Date: November 11, 2015.
- Fixed/Release Date: Likely November 19, 2015.
- Description of the problem: Inadequate filtering of output data leads to a cross-site scripting vulnerability.
- Affected Installs: All Simple Renew versions prior to v1.1.18.
- Likelihood that this security issue has been exploited on your site: Extremely unlikely. First off, it's very unlikely that anyone's known about it until now. Secondly, it would require a series of improbable events on the part of the admin for it to be exploited.
- Solution: Upgrade to v1.1.18, preferably before November 16, 2015.
- Legitimacy of this message: You can call us at 678-830-2168 ext 0 to confirm the legitimacy of this message.
As usual, let us know if you have any questions and we'll be glad to answer. Thanks!