badconker

+1
“Don’t miss your crawl errors: connect with Google Search Console here.” doesn’t want to disappear

Same thing is going on with 3.8.8 and 3.7.8, which are the equivalent patch versions to 3.9.6 (that were a part of the 4/27/15 patch).

I confirm. It’s annoying for a “critical cross-site scripting (XSS) vulnerability”, 8 days without auto update…

These versions are not displayed either on this page :
https://www.ads-software.com/download/release-archive/

Support response :

Thank you for reporting this issue. I apologize for the inconvenience, Yes there is a bug.
We are fixing this issue and will release a new update in few hours. This will fix the issue.

Meanwhile i have downgraded the plugin to 1.2.8 on all my websites and no more error ??

Hi,

Thanks for your new version but a have tested again with WordPress 3.5 and wordpress-seo 1.3.3 (and developper version…) it seems to be not resolved at all !! ( specifically in wp-seo-metabox.js)

Simple test :
– connect you on admin of your site
– go to url : [www.yoursite.com]/wp-admin/post-new.php?post_title=<script>alert('There is a problem');</script>
– The alert message is displaying !

=> CSRF : https://en.wikipedia.org/wiki/Cross-site_request_forgery

For me, it’s a big security issue.