Has this been fixed? I see this in the 4.2.7 changelog note:
Fix vulnerabilities issue of Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode.
That sounds like it could be describing this vulnerability but not positive. Any official confirmation?
Edit: just found this thread where the dev posted that it’s been updated and resolved. So hopefully we’re good to go for now?
-
This reply was modified 10 months, 3 weeks ago by harmolipi. Reason: Found a response from the dev
