andrealandonio / taxonomy-filter

Taxonomy filter is a plugin which allow users to filter hierarchical taxonomy terms inside admin pages and provides a way to hide terms for each user
https://wordpress.org/plugins/taxonomy-filter/
GNU General Public License v3.0

Taxonomy filter <= 2.2.9 - Cross-Site Request Forgery via taxonomy_filter_save_main_settings() #10

Closed toomanyairmiles closed 9 months ago

toomanyairmiles commented 11 months ago

The Taxonomy filter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.9. This is due to missing or incorrect nonce validation on the taxonomy_filter_save_main_settings() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/taxonomy-filter/taxonomy-filter-229-cross-site-request-forgery-via-taxonomy-filter-save-main-settings

Any chance of a fix for the above? It's a very useful plugin!
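As an added illustration of the bug class described in the report above, not code from the Taxonomy filter plugin itself: a hypothetical WordPress settings handler with no nonce or capability check, beside the hardened form that ties the form to a nonce with wp_nonce_field() and verifies it with check_admin_referer(). All `tfx_*` function, action and option names are assumed.

```php
<?php
// Added illustration, not the plugin's code. Names below (tfx_*) are hypothetical.

// BEFORE: handler with no nonce and no capability check. Any POST that reaches
// admin-post.php with these fields while an administrator's browser is logged in
// updates the option, which is the CSRF condition the report describes.
function tfx_save_main_settings_unsafe() {
    $value = isset( $_POST['tfx_hidden_terms'] ) ? $_POST['tfx_hidden_terms'] : '';
    update_option( 'tfx_hidden_terms', $value );
    wp_safe_redirect( admin_url( 'options-general.php?page=tfx' ) );
    exit;
}

// Settings form: emit a nonce field bound to one specific action name.
function tfx_render_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="tfx_save_main_settings" />';
    wp_nonce_field( 'tfx_save_main_settings', 'tfx_nonce' );
    echo '<input type="text" name="tfx_hidden_terms" value="'
        . esc_attr( get_option( 'tfx_hidden_terms', '' ) ) . '" />';
    submit_button();
    echo '</form>';
}

// AFTER: hardened handler. check_admin_referer() terminates the request (403)
// unless a valid nonce for this action is present; a cross-site form cannot
// supply one. current_user_can() additionally blocks low-privileged users.
function tfx_save_main_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'tfx' ), 403 );
    }
    check_admin_referer( 'tfx_save_main_settings', 'tfx_nonce' );

    $value = isset( $_POST['tfx_hidden_terms'] )
        ? sanitize_text_field( wp_unslash( $_POST['tfx_hidden_terms'] ) )
        : '';
    update_option( 'tfx_hidden_terms', $value );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=tfx' ) ) );
    exit;
}
add_action( 'admin_post_tfx_save_main_settings', 'tfx_save_main_settings' );
```

When reviewing a plugin for this class of issue, look for every `update_option()` / `$_POST` read in an `admin_post_*`, `admin_init` or `wp_ajax_*` handler and confirm a `check_admin_referer()` or `wp_verify_nonce()` call guards it.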

andrealandonio commented 9 months ago

Hi, sorry for the delay.. at the moment I'm not able to fix this.. if you need this fix urgently, feel free to push your PR ;-)

toomanyairmiles commented 9 months ago

Ok - I've paid someone to fix. They've pushed, please commit and update.

andrealandonio commented 9 months ago

Thanks, code is merged and committed in a new plugin version (2.2.10) ;-)

toomanyairmiles commented 9 months ago

Great stuff! I've been dying under endless security alerts since this came up.