Skip to content

4.9.17
Compare
Choose a tag to compare
@dannyvankooten dannyvankooten released this 17 Sep 07:50
· 8 commits to main since this release
4.9.17
00da115
This commit was signed with the committer’s verified signature.
dannyvankooten Danny van Kooten
GPG key ID: BC0FD096EDFC1DD8
Learn about vigilant mode.

4.9.17 - Sep 17, 2024

  • Fix compatibility with WooCommerce versions 8.5 to 8.8 because of private method that was later made public.
  • Fix potential reflected XSS by stripping and escaping all HTML from {email} tag replacements. Thanks to kauenavarro for responsibly disclosing.
  • Fix potential stored XSS for attackers with both administrator access and Mailchimp account access by escaping HTML from interest group name. Thanks to Jorge Diaz (ddiax) for responsibly disclosing.
Assets 3
Loading