Important Security Update for SyntaxHighlighter Evolved WordPress Plugin

Alex Mills announced an important security update today for his SyntaxHighlighter Evolved plugin. The 3.1.10 release includes a new version of the SyntaxHighlighter 3.x library to address an XSS security issue.

SyntaxHighlighter Evolved is used widely on self-hosted WordPress sites for sharing code and has been downloaded more than 350,000 times. Most notably, it’s used on WordPress.com to allow users to post code snippets and is the same plugin we use on WP Tavern for tutorials. Mills credits Ben Bidner for finding the bug and Alex Gorbatchev for working with Automattic to patch the issue.

Version 3.1.10 also adds compatibility with sites where the plugins folder has been moved to a location other than the default directory, though the security fix is the bulk of this update. If you’re using SyntaxHighlighter Evolved on any of your WordPress sites, make sure to visit each one and update the plugin to avoid a potential XSS security breach.

Who is Sarah Gooding


Sarah Gooding is an Editorial Ninja at Audrey Capital. When not writing about WordPress, she enjoys baking, knitting, judging beer competitions and spending time with her Italian Greyhound.