WordPress.org
Get WordPress

Plugin Directory

Changeset 3428744


Ignore:
Timestamp:
12/28/2025 09:58:07 PM (3 months ago)
Author:
marceljm
Message:

Fixing vulnerability

Location:
featured-image-from-url/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • featured-image-from-url/trunk/elementor/widgets/widget.php

    r3352132 r3428744  
    8989                    if ($image_url && filter_var($image_url, FILTER_VALIDATE_URL) === false)
    9090                        $image_url = '';
     91
     92                    if ($image_url) {
     93                        $validated_url = wp_http_validate_url($image_url);
     94                        if ($validated_url === false) {
     95                            continue;
     96                        }
     97                        $image_url = $validated_url;
     98                    }
     99
    91100                    fifu_dev_set_image($post_id, $image_url);
    92101                    $att_id = get_post_thumbnail_id($post_id);

  • featured-image-from-url/trunk/featured-image-from-url.php

    r3389293 r3428744  
    55 * Plugin URI: https://fifu.app/
    66 * Description: Use remote media as the featured image and beyond.
    7  * Version: 5.3.1
     7 * Version: 5.3.2
    88 * Author: fifu.app
    99 * Author URI: https://fifu.app/
    1010 * WC requires at least: 4.0
    11  * WC tested up to: 10.3.4
     11 * WC tested up to: 10.4.3
    1212 * Text Domain: featured-image-from-url
    1313 * License: GPLv3

  • featured-image-from-url/trunk/readme.txt

    r3389293 r3428744  
    44Tags: featured, image, url, video, woocommerce
    55Requires at least: 5.6
    6 Tested up to: 6.8.3
    7 Stable tag: 5.3.1
     6Tested up to: 6.9
     7Stable tag: 5.3.2
    88License: GPLv3
    99License URI: https://www.gnu.org/licenses/gpl-3.0.html
     
    248248== Changelog ==
    249249
     250= 5.3.2 =
     251* Fix: vulnerability reported by Wordfence team.
     252
    250253= 5.3.1 =
    251254* New feature: Auto-share on social media; Fix: Featured image might not be displaying on X.
     
    275278* Fix: the plugin was being translated into the site language instead of the user language; Fix: input field for featured image.
    276279
    277 = 5.2.2 =
    278 * New: WordPress block for remote featured images; Enhancement: Alternative Text field added to the Elementor widget; Enhancement: Registers are no longer listed in the Custom Fields box; Enhancements and fixes: Input fields for posts, products, and categories; Fix: Images were being cropped unnecessarily in WooCommerce.
    279 
    280280= others =
    281281* [more](https://fifu.app/changelog)
     
    284284== Upgrade Notice ==
    285285
    286 = 5.3.1 =
    287 * New feature: Auto-share on social media; Fix: Featured image might not be displaying on X.
     286= 5.3.2 =
     287* Fix: vulnerability reported by Wordfence team.
Note: See TracChangeset for help on using the changeset viewer.