Why is this plugin disabled? | WordPress.org

digitaldonkey
(@digitaldonkey)

1 month ago

If this is the reason for disabling the plugin….

https://access.redhat.com/security/cve/cve-2025-12124

Seriously?
I read: A user with permission Admin or higher could change content in the website.

Viewing 1 replies (of 1 total)

Plugin Author Kevin Dees
(@kevindees)

1 month ago

An admin account is a security issue apparently.

I think they code they are referring to is the area where you can define the CSS selector. I’m pretty sure we added some custom sanitization code long ago, but we needed to give the ability for users to have CSS selectors like “>”. Thus, we limited access to admins because an admin can do anything already including installing any PHP script or JavaScript.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

1 reply
2 participants
Last reply from: Kevin Dees
Last activity: 1 month ago
Status: not resolved