HomeNews/Blog › Plugin Security Update: Language Switcher 1.20 for WordPress

Plugin Security Update: Language Switcher 1.20 for WordPress

Submitted by jhodgdon on 29 May 2009 - 8:47am

I've just released version 1.20 of the Language Switcher plugin for WordPress, which is a plugin for creating a multi-lingual site or blog.

This is a security update, and it is highly recommended that you update to this version, if you are using any previous version of Language Switcher. It fixes a potential cross-site scripting (XSS) vulnerability, brought to my attention by Alien Hackers (thanks!). The vulnerability was unlikely to be exploited in practice, but it did open up the possibility that if an Internet Explorer user who was already logged into their own site clicked on a maliciously-formed link to their own blog that someone had emailed them, and then immediately clicked on a sidebar link generated by the Language Switcher to switch languages, they could potentially compromise their site's security. It's a rather convoluted chain of circumstances, and as I said unlikely to occur, but anyway the vulnerability has now been eliminated and it is advisable that you update your site.

Tags:

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
plus five equals nine
Solve this math question and enter the solution with digits. E.g. for "two plus four = ?" enter "6".