Hi @tmcguire,
Of course, I’m working on it.
As far as I know, this relates to authenticated attackers with administrator-level access. It only affects multi-sites and pages with unfiltered_html disabled. Nevertheless – this needs to be fixed.
Thanks for reporting,
Daniel
Hi @tmcguire,
After some deep dive investigation I can say that the security risk was not a big of an issue. However – it is now fixed with version 1.3.27 and the fix is already confirmed here (it was originally reported over there).
Please update to the most recent version.
Best regards,
Daniel
You’re awesome. Super quick to patch and great communication.
-Tom
