Support Forum
Support Forum
Offline
I'm certain you guys are conforming to secure coding practices, or you are on top of this... but I just wanted to make sure there is no cause for concern with the current version of SimplePress, considering the recent XSS vulnerability identified regarding proper use of add_query_arg() and remove_query_arg() functions.
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
Simple:Press powers the Tripawds Discussion Forums.
It's better to hop on three legs than to limp on four.
The Tripawds Blogs Community is made possible by The Tripawds Foundation.
Offline
nope, not an issue... a survey was done before the 5.5.6 release on that very topic...
and actually, it wasnt improper coding, but wrong wp docs on their codex saying wp handled the sanitization, but it didnt...
in our case, we did the sanitization ourselves already... think we changed one use in the admin, but it wasnt coming from user input anyway, so not an issue...
Visit Cruise Talk Central and Mr Papa's World
Offline
I figured that much, thanks for the confirmation!
Simple:Press powers the Tripawds Discussion Forums.
It's better to hop on three legs than to limp on four.
The Tripawds Blogs Community is made possible by The Tripawds Foundation.
All RSS1 Guest(s)