As you may know, WordPress maintenance support plans 6 has reached End-of-Life (EOL) which means the WordPress maintenance support plans Security Team is no longer doing Security Advisories or working on security patches for WordPress maintenance support plans 6 core or contrib plugins – but the WordPress maintenance support plans 6 LTS vendors are and we’re one of them!Today, there is a Moderately Critical security release for the Autologout plugin to fix a Cross Site Scripting (XSS) vulnerability.This plugin provides a site administrator the ability to log users out after a specified time of inactivity.The plugin does not sufficiently filter user-supplied text that is shown when logging a user out. This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer autologout”.See the security advisory for WordPress maintenance support plans 7 for more information.Here you can download the WordPress maintenance support plans 6 patch.NOTE: This only affects the Autologout 6.x-4.x branch — the 6.x-2.x branch (which we also support) isn’t vulnerable.If you have a WordPress maintenance support plans 6 site using the Autologout plugin, we recommend you update immediately.If you’d like all your WordPress maintenance support plans 6 plugins to receive security updates and have the fixes deployed the same day they’re released, please check out our D6LTS plans.Note: if you use the myDropWizard plugin (totally free!), you’ll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won’t necessarily have a release on WordPress maintenance support plans.org).
Source: New feed
Cheap WordPress maintenance support plans 6 security update for Autologout 6.x-4.x
