Sure is. No updates because I don’t have any issues with it.
Thread Starter
markb
(@markbignell)
No clue, sounds like a false positive warning. Contact WP Toolkit and ask why the following code would trigger that error:
https://plugins.trac.wordpress.org/browser/minify-html-markup/trunk/minify-html.php
That link is the entire code for Minify HTML, and it doesn’t do anything with CSRF. My guess is WP Toolkit is overzealous and is looking for a string which happens to also be in the Minify HTML plugin.
To be clear, this isn’t a problem with this Minify HTML, it’s a potential CSRF issue with WordPress and *any* plugin. I’ve updated Minify HTML to (v2.1.1) to address the potential WordPress vulnerability issue. This should now be resolved.
Hi Tim,
I like your plugin but I’ve got an Wordfence alert :
“Minify HTML” has a security vulnerability. Type: Plugin Vulnerable “
“Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Minify HTML” until a patched version is available. “
“Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/ef7cf633-e907-4da1-bd96-0013e88defbb?source=plugin”
Regards,
S.L
There’s an over-zealous group which is profiting on reporting plugins for trivial potential security “issues”. In any case, the plugins has been updated to address this issue. If you’re using the latest version of Minify HTML (v2.1.8), the issue has been resolved. If it’s still reporting a problem, it’s a false-positive at this point as they haven’t updated their system yet that the latest release resolves the problem. You may be able to contact word fence and have them update their database.
-
This reply was modified 2 years, 11 months ago by
Tim Eckel.
