XSS vulnerability, removed from WP directory – what to do?

  • OsakaWebbie

    (@osakawebbie)


    3 months ago

    Wordfence has alerted me that Caxton has been removed from the plugins directory, and this report says it has a cross-site-scripting vulnerability. So unless the developers are working on a fix to restore it to safe status, I want to deactivate it. I’m only using one Caxton block (Post Grid) on this one page, but it’s pretty important, as I have designed my feature images with this layout in mind (aspect ratio, and where on the image the post title is overlaid).

    First question (for the Caxton folks): Is a fix under development?

    Second question (for anyone): Is there a decent substitute for doing this kind of grid? I just want a grid (number per row adjusts with the window size, of course) of all posts in a specific category, showing just feature image thumbnails with this aspect ratio with the title overlaid with a shadow, linked to the single post. I use a child theme (parent is Astra) and do speak both PHP and CSS. Here is a screenshot of the block settings: https://imgur.com/a/99bquwN

    The page I need help with: [log in to see the link]

  • You must be logged in to reply to this topic.

Tags