IMPORTANT --- Security Flaw in TapaTalk

If your site is using TapaTalk, update now! There was a security flaw found in TapaTalk and they decided NOT to inform anyone or advise anyone to update their files.

I did not find out until today, when I just happened to scroll over and found a post about it.

They even publicly admit to patching it silently, but NOT issuing a release or any notice telling people they should replace their files (because they did not even bother changing the version number either). :eek:

So I can only imagine how many sites are using the other copy without knowing they have a problem. This is completely irresponsible. :mad:

TapaTalk said:
Hi,

This issue has been addressed on April 26th, 9 days before this site published the issue. However, since this is a low risk item - we have simply replaced all the plugins that are affected. If this is concerning you and if you have updated the plugin after April 26th, you are not affected.
Source: https://support.tapatalk.com/threads/tapatalk-cross-site-scripting-vulnerability.24719/#post-131407

attached screenshot to confirm
 

bitpushr

XDA:Administrator

Thanks for the heads up - we actually do use this plugin, even though we have this particular 'smartbanner' plugin disabled, I removed the files just to be safe.
 
bitpushr said:
Thanks for the heads up - we actually do use this plugin, even though we have this particular 'smartbanner' plugin disabled, I removed the files just to be safe.

You're welcome. :cool:

Wish that they (TapaTalk) had informed you about it (as well as everyone else they should have informed). As a part-time webmaster / administrator, I know how frustrating these little things can be. I also know I use a lot of the goodies I find here on XDA and would always want it safe and secure. So when I found out about this, figured I should inform a few places including here.

Glad I could be of some help :)
 

D0MINO

Senior Member
I am a user of a different forum that was taken off Tapatalk this week for good due to 'security and privacy concerns' - so they told me.

Is it a risk to use Tapatalk?

Is there a possibility that user account details/credentials could be harvested like those Snapchatters recently who used an unofficial app?
 
