Support » Plugin: WP Photo Album Plus » v8.0.10.006 XSS Vulnerability

  • Resolved anotherdave

    (@anotherdave)


    iThemes Security Pro is detecting / warning that Version 8.0.10.006 and below are vulnerable to Stored Cross-Site Scripting and it says “Fixed in Version 8.1.00”, however I don’t see an 8.1.00 update available. Is that version coming forth?
    Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Jacob N. Breetvelt

    (@opajaap)

    Yes that version is being worked upon.

    Thread Starter anotherdave

    (@anotherdave)

    Thank you for the response Jacob, good to know. I have a client that uses WP Photo Album Plus and happy to hear they do not have to change to something else and a secure fixed version is in the works.

    Plugin Author Jacob N. Breetvelt

    (@opajaap)

    You may try this intermediate development version:
    https://downloads.wordpress.org/plugin/wp-photo-album-plus.8.1.00.004.zip
    Keep in mind it is a dev version, not a release; however, if you test this version, I will give you max support.

    andynz

    (@andynz)

    I do not know if this relates to my problem. My hosting company in NZ has disabled my IP address due to what they believe is a vulnerability in WP Photo Album Plus version 8.0.06.004.
    They specifically refer to the following files:
    /js/wppa-spheric.js
    /js/wppa-zoom.js
    /js/wppw-ajax-front.js
    /js/wppa-slideshow.js
    /js/wppa-utils.js
    Is it possible to replace it with an earlier version which does not have this problem?

    Andy

    Thread Starter anotherdave

    (@anotherdave)

    @opajaap thanks for providing the fix so quickly!
