Important Security Update for SyntaxHighlighter Evolved WordPress Plugin


Alex Mills announced an important security update today for his SyntaxHighlighter Evolved plugin. The 3.1.10 release includes a new version of the SyntaxHighlighter 3.x library to address an XSS security issue.

SyntaxHighlighter Evolved is used widely on self-hosted WordPress sites for sharing code and has been downloaded more than 350,000 times. Most notably, it’s used on to allow users to post code snippets and is the same plugin we use on WP Tavern for tutorials. Mills credits Ben Bidner for finding the bug and Alex Gorbatchev for working with Automattic to patch the issue.

Version 3.1.10 also adds compatibility with sites where the plugins folder has been moved to another location other than the default directory, though the security fix is the bulk of this update. If you’re using SyntaxHighlighter Evolved on any of your WordPress sites, make sure to visit each and update the plugin to avoid a potential XSS security breach.