Month Notes - August 2024
Posted on by Bob Matyas
This is the first in a series of month notes where I am going to share things I have been working on.
At Work
I became the Editor-in-Chief of documentation on Jetpack.com. I’ll be reviewing new documentation and finding gaps in existing documentation.
WordPress Plugins
I published a new plugin for WordPress called Pretty RSS Feeds. It applies an XML Stylesheet (pretty-feed-v3) to make the default RSS feed display in a more inviting way to newcomers to RSS feeds.
I also published a new version of my Block AI Crawlers plugin that fixes a bug in the settings display and blocks new crawlers.
WordPress Vulnerability Research
The following plugin vulnerabilities were responsibly disclosed:
- Sign-up Sheets < 2.2.13 - Reflected XSS
- CTT Expresso para WooCommerce < 3.2.13 - Admin+ Stored XSS
- Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS
- DN Popup <= 1.2.2 - Settings Update via CSRF
- Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS
- Flaming Forms <= 1.0.1 - Reflected XSS
- SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
- NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles
- Pocket Widget <= 0.1.3 - Admin+ Stored XSS
- AZIndex <= 0.8.1 - Stored XSS via CSRF
- AZIndex <= 0.8.1 - Index Deletion via CSRF
- Snapshot Backup <= 2.1.1 - Stored XSS via CSRF
- kbucket < 4.1.5 - Reflected XSS
- WP Content Copy Protection & No Right Click (premium) <= 15.0 - Admin+ Stored XSS
- Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget