Request for DOMPurify Update Due to Security Vulnerability (CVE-2024-47875)
Hello,
The current version of the plugin relies on DOMPurify version 2.3.8. Recently, a critical security vulnerability (CVE-2024-47875) was discovered in DOMPurify affecting versions prior to 2.5.0. This vulnerability allows for a nesting-based mutation XSS (mXSS) attack, potentially enabling harmful code execution if exploited.
The issue has been addressed in DOMPurify versions 2.5.0 and 3.1.3, which mitigate this vulnerability. I kindly request that the plugin be updated to use a secure version of DOMPurify to ensure the safety of WordPress installations using this plugin.
Please let me know if there is a timeline for this update or if any additional information is needed.
Thank you.
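One way to check which DOMPurify release a plugin bundles, as an added example that is not part of the original post or the plugin's code. It assumes the bundled file still carries DOMPurify's `@license DOMPurify X.Y.Z` banner and uses the fixed versions named in the post (2.5.0 and 3.1.3); the file names and contents are constructed samples.

```javascript
// Fixed releases per major line, as stated in the post above.
const FIXED = { 2: [2, 5, 0], 3: [3, 1, 3] };

// DOMPurify's distributed builds begin with a licence banner naming the version.
const BANNER = /@license\s+DOMPurify\s+(\d+)\.(\d+)\.(\d+)/;

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Classify a version triple against the thresholds from the post.
function classifyVersion(v) {
  const fixed = FIXED[v[0]];
  if (fixed) return compare(v, fixed) < 0 ? "affected" : "fixed";
  // Majors below 2 are "prior to 2.5.0"; the post says nothing about majors above 3.
  return v[0] < 2 ? "affected" : "unknown";
}

// Inspect one bundled script's text and report the DOMPurify version found in it.
function auditBundle(name, source) {
  const m = BANNER.exec(source);
  if (!m) return { name, version: null, status: "unknown" }; // banner stripped or not DOMPurify
  const v = m.slice(1, 4).map(Number);
  return { name, version: v.join("."), status: classifyVersion(v) };
}

function auditAll(files) {
  return Object.entries(files).map(([name, src]) => auditBundle(name, src));
}

// Constructed sample inputs standing in for files under a plugin directory.
const samples = {
  "vendor/purify-a.min.js": "/*! @license DOMPurify 2.3.8 | (c) Cure53 */\n!function(){}();",
  "vendor/purify-b.min.js": "/*! @license DOMPurify 2.5.0 | (c) Cure53 */\n!function(){}();",
  "vendor/purify-c.min.js": "/*! @license DOMPurify 3.1.2 | (c) Cure53 */\n!function(){}();",
  "vendor/purify-d.min.js": "/*! @license DOMPurify 3.1.3 | (c) Cure53 */\n!function(){}();",
  "vendor/other.min.js": "!function(){console.log('no banner')}();",
};

console.table(auditAll(samples));
```

A result of `unknown` means the banner was missing, so the file needs manual inspection (for example by reading `DOMPurify.version` in the browser console) rather than being treated as safe.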