badconker
Forum Replies Created
-
+1
“Don’t miss your crawl errors: connect with Google Search Console here.” doesn’t want to disappearForum: Fixing WordPress
In reply to: Availability of WP Security Update 3.9.6Same thing is going on with 3.8.8 and 3.7.8, which are the equivalent patch versions to 3.9.6 (that were a part of the 4/27/15 patch).
I confirm. It’s annoying for a “critical cross-site scripting (XSS) vulnerability”, 8 days without auto update…
These versions are not displayed either on this page :
https://ww.wp.xz.cn/download/release-archive/Forum: Plugins
In reply to: [InfiniteWP Client] Problems since update to 1.2.9Support response :
Thank you for reporting this issue. I apologize for the inconvenience, Yes there is a bug.
We are fixing this issue and will release a new update in few hours. This will fix the issue.Meanwhile i have downgraded the plugin to 1.2.8 on all my websites and no more error 🙂
Hi,
Thanks for your new version but a have tested again with WordPress 3.5 and wordpress-seo 1.3.3 (and developper version…) it seems to be not resolved at all !! ( specifically in wp-seo-metabox.js)
Simple test :
– connect you on admin of your site
– go to url :[www.yoursite.com]/wp-admin/post-new.php?post_title=<script>alert('There is a problem');</script>
– The alert message is displaying !=> CSRF : http://en.wikipedia.org/wiki/Cross-site_request_forgery
For me, it’s a big security issue.