WordPress.org
Get WordPress

Plugin Directory

Changeset 3428995


Ignore:
Timestamp:
12/29/2025 10:40:03 AM (3 months ago)
Author:
pressprogrammer
Message:

Fixing a possible xss security issue

Location:
mediapress
Files:
367 added
1 edited

Legend:

Unmodified
Added
Removed

  • mediapress/trunk/readme.txt

    r3377556 r3428995  
    33Tags: buddypress, buddypress gallery, buddypress photo gallery, video gallery, media
    44Requires at least: 5.0
    5 Tested up to: 6.8.3
    6 Stable tag: 1.6.1
     5Tested up to: 6.9.0
     6Stable tag: 1.6.2
    77License: GPLv2 or later
    88License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    163163
    164164== Changelog ==
     165
     166= 1.6.2 =
     167 * Ensures that the uploader and gallery creation shortcode always escape output.
     168 * Fixed a possible stored XSS in media upload shortcode for contributor or above role(people who can add shortcode in post).
     169 * Props zaim via Wordfence for reporting the possible stored xss in uploader shortcode.
     170
    165171= 1.6.1 =
    166172 * Added a filter `mpp_main_gallery_dir_ajax_query_args` to allow filtering directory lists on ajax request.
Note: See TracChangeset for help on using the changeset viewer.