Hello Everyone,
two, no, three points.
- The XSS issue is predicated upon someone with permission to publish a shortcode can also slip in some bad script as an attribute.
- We published this plugin over 10 years ago, to give back to the community, and are evaluating its value 10 years on.
- Collapse-O-Matic is an open-source project that anyone can submit a pull request to here: https://github.com/baden03/collapse-o-matic.
We dearly enjoyed supporting the WordPress community as we build our first sites back in 2006 — before YouTube! However, unless there is more community support, we are seriously considering an end-of-life ‘sundowner’ for this plugin.
It was always about sharing a solution, after all, not providing a product. Even our pro version was about offering personal support. If you know, you know.
Regardless, if you need to call off the buzzing XSS bees now better start looking for a plan B. If you have a bit of patience — or better yet — have a pull request, stay tuned.
-
This reply was modified 1 year ago by twinpictures. Reason: formating, etc
For those amongst us who appreciate bullet points:
- Yes, we are aware of the issueI. t’s not a real threat, unless someone has authorisation to publish has access to your site
- This was a labor of love back when we started all those years ago
- We’ll do what we can, when we can, but if an immediate solution is required, start looking elsewhere
- If you are able to contribute to the community, please do so