Lester Chan's WordPress Plugins
Lester Chan's WordPress Plugins Development Blog
WordPress 2.8.4 has been released and also similar to WordPress 2.8.3, this is a security fix. Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key … Continue reading “WordPress 2.8.4”
WordPress 2.8.3 has been released and similar to WordPress 2.8.2, this is a security fix. Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues … Continue reading “WordPress 2.8.3”
WordPress 2.8.2 has just been release. WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Changelog: WordPress 2.8.2 Download: WordPress 2.8.2 Download: Modified files since WordPress 2.8.1
Here is my June 2009 WordPress plugins update containing all my 16 WordPress plugins update. All of them should work on WordPress 2.8 as I did not test them on any WordPress version below that. Now my plugins uses jQuery for AJAX instead of TW-Sack. I have also updated the widget code to make use … Continue reading “Lester Chan’s WordPress Plugins June 2009 Update”
WordPress 2.8 Beta 2 has been released. Here is a link to the changelog from beta 1 to beta 2. Download: WordPress 2.8 Beta 2