Support » Plugin: Newsletter » Executable code via third-party system is included

  • Resolved Ov3rfly

    (@ov3rfly)


    Plugin uses external CDN for codemirror package, e.g. cdnjs.cloudflare.com/ajax/libs/codemirror/5.37.0/codemirror.js and more.

    Problem: Plugin directory guidelines #8:

    Executing outside code within a plugin when not acting as a service is not allowed

    Suggested fix: Add the package to plugin.

    Newsletter 5.7.5, WordPress 4.9.8

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Roberto Fietta

    (@webagile)

    Fixed, thanks.
    Roberto

    Ov3rfly

    (@ov3rfly)

    Please mark as “resolved” only after update with fix has been released. No fix in current version 5.7.5.

    Note: The “plugin directory guidelines #8” problem also affects other files, e.g.

    • cdnjs.cloudflare.com/ajax/libs/jqvmap/1.5.1/jquery.vmap.min.js
    • cdnjs.cloudflare.com/ajax/libs/jqvmap/1.5.1/maps/jquery.vmap.world.js
    • cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.2/Chart.min.js
    • maybe more, didn’t look further…

    Also various external webfonts are included from remote servers and external images from e.g. cdn.thenewsletterplugin.com/dashboard01.gif and youtube is directly embedded in plugin dashboard, all this voids GDPR as it sends user IP to those servers.

    Suggested fix: Add a “disable google webfonts” setting, add “disable youtube” setting, and bundle fontawesome and screenshots in plugin package.

    Newsletter 5.7.5, WordPress 4.9.8

    Ov3rfly

    (@ov3rfly)

    The “plugin directory guidelines #8” problems appear to be fixed with 5.7.6, thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Executable code via third-party system is included’ is closed to new replies.