Ken Sim

You marked a previous support post with a similar vulnerability issue as resolved, but it seems this XSS vulnerability remains even on this 3.0.2 version. Do you have any plans to address this?

https://patchstack.com/database/wordpress/plugin/weather-atlas/vulnerability/wordpress-weather-atlas-widget-plugin-3-0-1-cross-site-scripting-xss-vulnerability

Looks like this plugin may have fallen into the Abandoned bucket, which is a shame because I really like this plugin.

It’s also a shame that after a month of no response from the developer, I will be forced to uninstall this plugin and replace it with an alternative.

You marked this issue as resolved, but it seems this XSS vulnerability remains even on this 3.0.2 version. Do you have any plans to address this?

https://patchstack.com/database/wordpress/plugin/weather-atlas/vulnerability/wordpress-weather-atlas-widget-plugin-3-0-1-cross-site-scripting-xss-vulnerability

@davidefiorio – considering this plugin has not been updated in the past 3 years, I wouldn’t hold your breath on this happening. This is why I suggested to not use this plugin.

Yes, my issue is that because this plugin is not being maintained WordPress is now showing a warning that it hasn’t been tested with the latest 3 major releases of WordPress, and security programs like Wordfence are tagging this plugin as abandoned because it has not been updated for the past 2 years. These 2 factors alone raise the question if this plugin has been abandoned.

It’s nice that you are working on other projects, but these projects do not pertain to this plugin specifically.

Hello @jhayvum,

Nice! I would be happy to test this and provide feedback on this RC version. Would this be the place to provide feedback?

Hello @jhayvum,

Just tested this RC version on a local site and it worked well.

Thanks.

• This reply was modified 1 year, 3 months ago by Ken Sim.

So, it would appear that WP 6.4 had a curl bug, which was most likely causing the backup to fail. After updating to WP 6.4.1 the backups started working again.

Hi @shawnogordo,

I can confirm that the latest release, version 11.0.8 has corrected the verification error for new and previously verified posts.

Thanks for such a quick turnaround on this issue. Kudos!

Hi @shawnogordo,

I can also confirm that the update to version 11.0.8 has corrected the verification error.

Sounds good. I will test this out on my end shortly and post back on my findings.

@shawnogordo – Thanks for the quick turnaround.

Hi @shawnogordo,

Here is my latest media file that I posted last night below.

Not sure why this is needed, because this error is showing up on all my previous posts when I go into them to edit, which validated fine prior to this update.

https://wackbox-audio.b-cdn.net/Jen-Perdew-Interview-145.mp3

• This reply was modified 1 year, 6 months ago by Ken Sim.

Hi @shawnogordo,

I am using iThemes Security now and prior to the update.

@greektimes – I too am receiving these errors as I stated in the initial support post, but my XML feed it updating correctly and the frontend is working fine. As for my hosting, I am on my own VPS running CentOS with Apache/2.4.57.

Hi @greektimes,

That’s strange. Even though I am receiving this validation error, my latest post after this update did show up in my feed, (https://your.domain.com/feed/podcast/), and Spotify picked it up just fine.

@daveclements you would be correct in your statement. But this is a direct result of your attempt to fix the vulnerability issue.