Changeset 2802728


Timestamp: 10/21/2022 10:28:44 PM (3 years ago)
Author: karim79
Message: Security release to solve https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38454
Location: kraken-image-optimizer/trunk
Files: 2 edited

  • kraken-image-optimizer/trunk/kraken.php

    r2542207 r2802728  
    2222 * Description: This plugin allows you to optimize your WordPress images through the Kraken API, the world's most advanced image optimization solution.
    2323 * Author: Karim Salman
    24  * Version: 2.6.5
    25  * Stable Tag: 2.6.5
     24 * Version: 2.6.6
     25 * Requires at least: 3.0.1
     26 * Requires PHP: 5.0.0
     27 * Stable Tag: 2.6.6
    2628 * Author URI: https://kraken.io
    2729 * License GPL2
     
    104106        function kraken_settings_page() {
    105107
    106             if ( !empty( $_POST ) ) {
     108            if ( !empty( $_POST ) && isset( $_POST['settings_form_nonce'] ) && wp_verify_nonce( $_POST['settings_form_nonce'], 'settings_form_nonce' ) ) {
    107109                $options = $_POST['_kraken_options'];
    108110                $result = $this->validate_options( $options );
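Review bot: On the new `if` line, `$_POST['settings_form_nonce']` goes into `wp_verify_nonce()` raw, and the unchanged `$options = $_POST['_kraken_options'];` below it is still read without an `isset()` guard, so a request with a valid nonce but no `_kraken_options` key reaches `validate_options()` with an undefined value. Suggest passing the nonce through `wp_unslash()` and `sanitize_text_field()` first and adding `isset( $_POST['_kraken_options'] )` to the condition. No `current_user_can()` check is visible in this hunk either; if the caller does not already enforce one, it belongs here next to the nonce test. A failed nonce also falls through silently to rendering the form, and `check_admin_referer( 'settings_form_nonce', 'settings_form_nonce' )` would make that failure explicit.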
     
    110112            }
    111113
     114            $form_nonce = wp_create_nonce( 'settings_form_nonce' );
    112115            $settings = get_option( '_kraken_options' );
    113116            $lossy = isset( $settings['api_lossy'] ) ? $settings['api_lossy'] : 'lossy';
     
    377380                            </tbody>
    378381                        </table>
     382                 <input type="hidden"  name="settings_form_nonce" value="<?php echo $form_nonce; ?>" />
    379383                 <input type="submit" name="kraken_save" id="kraken_save" class="button button-primary" value="Save All"/>
    380384              </form>
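Review bot: The added hidden input echoes `$form_nonce` into the `value` attribute without escaping; wrap it in `esc_attr()`, or replace this line and the earlier `wp_create_nonce( 'settings_form_nonce' )` assignment with a single `wp_nonce_field( 'settings_form_nonce', 'settings_form_nonce' )` call, which prints the escaped field for you. The action string and the field name are identical here; a more specific action name would make it harder to confuse this nonce with one for another form.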
  • kraken-image-optimizer/trunk/readme.txt

    r2542207 r2802728  
    11=== Kraken.io Image Optimizer ===
    22Contributors: karim79
    3 Tags: compress images, image optimizer, SEO, performance, image resize, jpg, media, Optimization, optimize, optimize animated gif, optimize gif, optimize jpeg, optimize png, PageRank, PageSpeed Insights, photos, png, Reduce Image Size, retina, sitespeed, speed up site, svg, upload, svg, upload, gtmetrix speed test, EXIF, image resize, kraken.io
     3Donate link: https://kraken.io
     4Tags: compress images, image optimizer, SEO, performance, image resize, jpg, media, Optimization, optimize, optimize animated gif, optimize gif, optimize jpeg, optimize png, PageRank, PageSpeed Insights, photos, png, Reduce Image Size, retina, sitespeed, speed up site, svg, upload, svg, upload, gtmetrix speed test, EXIF, image resize
    45Requires at least: 3.0.1
     6Tested up to: 6.0.3
    57Requires PHP: 5.0.0
    6 Tested up to: 5.7.2
    7 Donate link: https://kraken.io
    8 Stable tag: 2.6.5
     8Stable tag: 2.6.6
    99License: GPLv2 or later
    1010License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
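Review bot: The rewritten `Tags:` line still carries duplicates (`svg, upload, svg, upload` and `image resize` twice); since the line is being touched anyway, deduplicate it. Dropping the trailing `kraken.io` tag and bumping `Tested up to` to 6.0.3 look intentional, but neither is mentioned in the commit message.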
     
    110110== Changelog ==
    111111
     112= 2.6.6 =
     113* Security release to solve https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38454
     114
    112115= 2.6.5 =
    113116* Security and maintenance release
     
    253256* Allows optimization of existing images in Wordpress Media Library.
    254257
     258== Upgrade Notice ==
     259Please upgrade immediately in order to avoid a potential security issue that could allow an attacker to overwrite your plugin setting (of the Kraken.io plugin.
     260
    255261== Notes and Incompatible plugins ==
    256262If you use the WP Super Cache plugin, you must **disable the plugin** prior to performing any image optimization, as it is known to cause strange and buggy behaviour with the Kraken.io Image Optimizer plugin.
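Review bot: The added Upgrade Notice line has an unbalanced parenthesis in "(of the Kraken.io plugin." and reads "plugin setting" where "settings" seems intended. The section also has no version sub-heading; upgrade notices in readme.txt are keyed by version, so add `= 2.6.6 =` above the sentence so the notice is tied to this release.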