{"id":15551,"date":"2015-04-21T14:57:50","date_gmt":"2015-04-21T14:57:50","guid":{"rendered":"https:\/\/docs.wpgeodirectory.com\/?page_id=15551"},"modified":"2015-04-21T14:57:50","modified_gmt":"2015-04-21T14:57:50","slug":"security-release-21-04-2015","status":"publish","type":"page","link":"https:\/\/wpgeodirectory.com\/docs\/security-release-21-04-2015\/","title":{"rendered":"Security Release 21-04-2015"},"content":{"rendered":"<p><strong>We are announcing a security release of GD Core (1.4.5) and GD buddypress addon (1.0.2); please update both of these plugins immediately.\u00a0<\/strong><\/p>\n<p>Recently an XSS vulnerability was found in the way two core WordPress functions were documented to be used (this has now been rectified) and as a result many popular plugins were found to be vulnerable, such as:\u00a0Jetpack,\u00a0WordPress SEO,\u00a0Google Analytics,\u00a0All In one SEO,\u00a0Gravity Forms etc&#8230; Please see here for a more detailed list:\u00a0http:\/\/wptavern.com\/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins<\/p>\n<p>We have looked over all our plugins and, although at first we thought this did not affect us, we have now found that <strong>if you have the sort by options for categories enabled (not enabled by default)<\/strong> then this can be exploited.<\/p>\n<p><strong>The Exploit<br \/><\/strong>This is an XSS exploit which, although very difficult for an attacker to exploit, can and should be fixed ASAP.<br \/>This type of exploit is typically used by crafting a special URL and emailing it or somehow trying to get the admin of the site to click it while logged in. 
\u00a0It can also be used to show unauthorised HTML on a page for any user via the same process.<\/p>\n<p>NOTE: The latest Google Chrome browser has XSS protection built in.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We are announcing a security release of GD Core (1.4.5) and GD buddypress addon (1.0.2); please update both of these plugins immediately.\u00a0 Recently an XSS vulnerability was found in the way two core WordPress functions were documented to be used (this has now been rectified) and as a result many popular plugins were found to &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpgeodirectory.com\/docs\/security-release-21-04-2015\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Security Release 21-04-2015&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1670,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/wpgeodirectory.com\/docs\/wp-json\/wp\/v2\/pages\/15551"}],"collection":[{"href":"https:\/\/wpgeodirectory.com\/docs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/wpgeodirectory.com\/docs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/wpgeodirectory.com\/docs\/wp-json\/wp\/v2\/users\/1670"}],"replies":[{"embeddable":true,"href":"https:\/\/wpgeodirectory.com\/docs\/wp-json\/wp\/v2\/comments?post=15551"}],"version-history":[{"count":0,"href":"https:\/\/wpgeodirectory.com\/docs\/wp-json\/wp\/v2\/pages\/15551\/revisions"}],"wp:attachment":[{"href":"https:\/\/wpgeodirectory.com\/docs\/wp-json\/wp\/v2\/media?parent=15551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}