Title showing html

Hi @versatileer

Due to “security reasons” we had to prevent such usage of our plugin.

My apologies, if you want such usage, you need to use older version.

https://downloads.www.ads-software.com/plugin/ultimate-posts-widget.2.2.8.zip

Otherwise our plugin could be taken down if we would allow it ??

Thank you. This worked like a charm. Have a great evening!

Clyde,

Just contacting you FYI. I had to permanently uninstall your plugin Ultimate Posts Widget. I was on with WordPress support to diagnose, they uninstalled the plugin and I shared the .zip file in media files and WordPress reinstalled it. Within minutes, the plugin automatically updates due to a fatal error. Your plugin displays the same html as originally discussed in the widget area. WordPress and I concur that it looks very unprofessional. I had to go another route despite not having all your features. I cannot leave the title displaying HTML on the website, because people automatically think the website has been hacked and it makes me lose followers. I feel bad, but these type of errors can determine the death of a plugin, if not taken seriously. This version is not usable in my honest opinion for any website to use. Therefore I will not be using your plugin after this point. Sorry about the bad news, and I wish you luck in the future.

Hi @versatileer

Thank you for the details, really sorry for your experience.

We obviously didn’t want to make it like this but we were forced due to potential vulnerability the plugin would be taken down otherwise anyway.

Security researchers decided that if we allow HTML/JS it is possible to execute XSS attacks which latest version prevents, in my opinion it’s not and issue if only the administrator of the site can do that, which you can do the same in countless other ways, but yeah, we have to stick to the guidelines and ensure our plugin is secure.

My apologies as well, hope you can find plugin that will satisfy your needs.