Skip to main content
← Back to index page

1.7.1

  • Security fix: fixed possible cross scripting issue with encoded entities in a post title. This could potentially allow an author on your site to execute JavaScript when you visit that posts edit page, allowing them to do rights expansion or otherwise. Thanks to Joe Hoyle for responsibly disclosing this issue.