Hello,
Thank you for posting. If there is a security issue that needs to be fixed, would you please contact me here with details? https://drew-phillips.com/contact/
Thread Starter
psypat
(@psypat)
Sorry for the long delay! – ww.wp.xz.cn is worthless in emailing me when somebody answers me… I’ve contacted you directly…
The XSS issue reported here was fixed a few months ago but it looks like I messed up the release somehow and the latest version at the time (1.3.11) didn’t get set as the current version.
For that XSS issue to be possible, a WordPress admin user would have needed to enter the malicious script into one of the options in the plugin settings window, so the severity was low and would have already required an admin account to be compromised.
Thanks for bringing this up again here so that I could get the release issue corrected.