Security Advisory: Persistent XSS in WP-Super-Cache

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Brandon Kraft

    (@kraftbj)

    Code Wrangler

    Thanks. This was fixed in 1.4.4, 1.3.3, 1.2.1, 1.1.1, and 1.0.1.

    Could you clarify, did you push an automatic update for this? Asking because I saw the news about it, went to check on a client’s site (who doesn’t update their own plugins) and found a few outstanding updates but WP Super Cache already running 1.4.4.

    (Thanks.)

    I have the free version of WordPress. Under this version, I cannot install plugins or make updates. How does the WP Super Cache Vulnerability affect me?

    Plugin Author Brandon Kraft

    (@kraftbj)

    Code Wrangler

    @wturrell — We didn’t push an automatic update (we don’t have the ability), but the www.remarpro.com Security team did. Basically, we provided upgraded versions of the software so that all impacted versions would have the smallest set of changes possible (e.g. if you were still running 1.0.0, it auto-upgraded you to 1.0.1, 1.3.x to 1.3.3, etc).

    In short, yes, but wanted to clarify that it was the powers that be opted for the auto-upgrade.

    @gwendolynmiller — If you’re using WordPress.com or otherwise don’t have the ability to use plugins, this does not impact you.

    Thanks Brandon – understood.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Security Advisory: Persistent XSS in WP-Super-Cache’ is closed to new replies.