1 Comment

  1. Plugin Vulnerabilities

    Imprecise wording in the release announcement seems to have lead to confusion here. The release announcement states that the new version “adds some sanitization to anonymous user data that went missing from previous versions”, which could mean that it had existed before and then went missing or just that it was missing before. It looks like the latter, as when we looked in to this we didn’t find that the sanitization code added in 5.2.13 had been in previous versions of the plugin.

    More important to note is that the sanitization added looks to just be duplicating sanitization that already exists in the code, which the developers seem to have overlooked. So those using older versions don’t look to be at risk. Though, as always, it is a good idea to keep your plugins up to date at all times.

    Report

Comments are closed.

%d bloggers like this: