v8.0.10.006 XSS Vulnerability | WordPress.org

Resolved anotherdave
(@anotherdave)

3 years, 3 months ago

iThemes Security Pro is detecting / warning that Version 8.0.10.006 and below are vulnerable to Stored Cross-Site Scripting and it says “Fixed in Version 8.1.00” , however I don’t see 8.1.00 update available. Is that version coming forth?
Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Jacob N. Breetvelt
(@opajaap)

3 years, 3 months ago

Yes that version is being worked upon.

Thread Starter anotherdave
(@anotherdave)

3 years, 3 months ago

Thank you for the response Jacob, good to know. I have a client that uses WP Photo Album Plus and happy to hear they do not have to change to something else and a secure fixed version is in the works.

Plugin Author Jacob N. Breetvelt
(@opajaap)

3 years, 3 months ago

You may try this intermediate development version:
https://downloads.wordpress.org/plugin/wp-photo-album-plus.8.1.00.004.zip
Keep in mind it is a dev version, not a release, however if you test this version, i will give you max support.

andynz
(@andynz)

3 years, 3 months ago

I do not know if this relates to my problem. My hosting company in NZ has disabled my IP address due to what they believe is a vulnerability in WP Photo Album Plus version 8.0.06.004
They specifically refer to the following files:
/js/wppa-spheric.js
/js/wppa-zoom.js
/js/wppw-ajax-front.js
/js/wppa-slideshow.js
/js/wppa-utils.js
Is it possible to replace with an earlier version which does not have this problem.

Andy

Thread Starter anotherdave
(@anotherdave)

3 years, 2 months ago

@opajaap thanks for providing the fix so quickly!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘v8.0.10.006 XSS Vulnerability’ is closed to new replies.

Tags

xss

In: Plugins
5 replies
3 participants
Last reply from: anotherdave
Last activity: 3 years, 2 months ago
Status: resolved