Plugin Directory

Changeset 3349559


Timestamp:
08/25/2025 09:26:52 AM (7 months ago)
Author:
gfazioli
Message:

Fix SSRF vulnerability in external banner uploads

File:
1 edited

  • wp-bannerize-pro/trunk/readme.txt

    r3249499 r3349559  
    55Requires at least: 6.2
    66Tested up to: 6.7
    7 Stable tag: 1.10.0
     7Stable tag: 1.11.0
    88License: GPLv2 or later
    99License URI: http://www.gnu.org/licenses/gpl-2.0.html
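Review bot: The stable tag bump from 1.10.0 to 1.11.0 lands in readme.txt only, and this changeset touches a single file, so the plugin code that the new changelog entry describes (the wp_bannerize_is_remote_image() validation and the version constant in the main plugin file) is not part of this commit. If it was committed separately, the commit message should reference that revision so the security fix can be traced from the tag; if it was not, tagging 1.11.0 now would publish a stable tag that advertises an SSRF fix the shipped code does not yet contain.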
     
    6969== Changelog ==
    7070
     71= 1.11.0 =
     72
     73Security & Enhancement Updates
     74
     75🔒 Security
     76* SSRF Protection: Added Server-Side Request Forgery (SSRF) protection for external banner image URLs
     77* Added wp_bannerize_is_remote_image() method to validate remote image URLs
     78* Only allows JPEG, PNG, and GIF image formats from external sources
     79* Returns HTTP 200 status validation for remote images
     80* Prevents malicious URL exploitation through banner uploads
     81* Added admin error notice when invalid image URLs are submitted
     82
     83 🎨 Code Quality
     84* Code Formatting: Standardized code indentation and formatting in WPBannerizeServiceProvider.php
     85* Improved readability and consistency across the codebase
     86* Fixed indentation issues throughout the service provider class
     87
     88🚨 User Experience
     89* Error Handling: Added user-friendly error messages
     90* Display admin notice when invalid banner image URLs are entered
     91* Clear feedback for users when external image URLs fail validation
     92
    7193= 1.10.0 =
    7294
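Review bot: The 1.11.0 security entry states what the new check accepts (JPEG, PNG, GIF; an HTTP 200 response) but not what it rejects, and the listed criteria do not by themselves address the SSRF class the entry names: a URL can resolve to a loopback, link-local or private address and still answer 200 with an image content type, and a public host can redirect to an internal one after the check passes. Consider stating in the changelog (and in the function's docblock) whether wp_bannerize_is_remote_image() restricts the scheme to http/https, resolves the hostname and rejects non-public address ranges, and how redirects are handled, so site owners can judge the protection rather than infer it. Minor wording: "Returns HTTP 200 status validation for remote images" reads as if the function returns a status; "Requires the remote image URL to respond with HTTP 200" says what is meant, and the stray leading space before "🎨 Code Quality" is inconsistent with the other section headings.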