= 1.25.1 - 2025-01-11 = * SECURITY: Fix a non-persistent reflected XSS vulnerability due to a missing nonce combined with missing sanitisation. This could allow an attacker, who persuaded you to click a personally-crafted link to your site's dashboard whilst you were logged in, to once run JavaScript code in your dashboard. Thanks to Asaf Mozes for finding and responsibly disclosing this issue. * FIX: Prevent the restoration from failing when there is a 'sync-xhr=()' permission policy on the response header. * FIX: Improve the approach of acquiring a suggested region for Amazon AWS S3 if a failure arises during the getBucketLocation() call, particularly when the XML response fails to provide a field for the suggested region - this resolves issues with regions (e.g. us-east-2) which recently changed their response behaviour * TWEAK: Broaden the support to incorporate the "ap-southeast-4" region of Amazon AWS S3 and additional recently updated regions * TWEAK: A regression in the paid version update checker to version 4.13.2, resulting in non-appearance of notices concerning subscription status or WP version compatibility.
Subscribe to access unlimited downloads of themes, videos, graphics, plugins, and more premium assets for your creative needs.
Published:
Mar 03, 2025 05:34 AM
Version:
Category:
Author:
UpdraftPlusWordPress Version:
3.2 or higherTested up to:
6.7PHP Version:
5.4 or higherLicense:
GPL v2 or LaterTags:
