Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author twinpictures


    Hello Everyone,

    two, no, three points.

    • The XSS issue is predicated upon someone with permission to publish a shortcode can also slip in some bad script as an attribute.
    • We published this plugin over 10 years ago, to give back to the community, and are evaluating its value 10 years on.
    • Collapse-O-Matic is an open-source project that anyone can submit a pull request to here:

    We dearly enjoyed supporting the WordPress community as we build our first sites back in 2006 — before YouTube! However, unless there is more community support, we are seriously considering an end-of-life ‘sundowner’ for this plugin.

    It was always about sharing a solution, after all, not providing a product. Even our pro version was about offering personal support. If you know, you know.

    Regardless, if you need to call off the buzzing XSS bees now better start looking for a plan B. If you have a bit of patience — or better yet — have a pull request, stay tuned.

    • This reply was modified 9 months ago by twinpictures. Reason: formating, etc
    Plugin Author twinpictures


    For those amongst us who appreciate bullet points:

    • Yes, we are aware of the issueI. t’s not a real threat, unless someone has authorisation to publish has access to your site
    • This was a labor of love back when we started all those years ago
    • We’ll do what we can, when we can, but if an immediate solution is required, start looking elsewhere
    • If you are able to contribute to the community, please do so

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Please fix this vulnerability’ is closed to new replies.