Today, we release updates for some products that fix security issue. The updates are: QAEngine and DirectoryEngine. We take the security issue very seriously, so as soon as we notice the bug, we immediately work on and remove it at soonest.
Please remember to get the latest versions right away so that it won’t affect your business.
For more details, we fixed the function code so that the attacker can’t obtain the administrator accounts any more. They can’t create a new admin account or change the password just by using the user_ID.
This issue was notified by one of our customers, thanks to him, we can quickly resolve the bug. Also, we’ve checked the theme thoroughly all over again to make sure everything will be fine. This is a valuable experience for us and we’ll have plan for a regular security review.
We really sorry for the inconvenience the issue may cause.
QAEngine version 1.5.1
Together with the security update release, we want to introduce some small changes in QAEngine version 1.5.1
Implement “Pending” tab
A new section named “Pending” is added so that admin can easily approve new posts. This section stored all the new posted ones, admin don’t have to visit every single post to approve it anymore. You can quickly find new questions or answers right in the front-end and approve them just by a click.