picandocodigo / List-Categories

Simple WordPress plugin to display categories in any post or page with a shortcode
https://wordpress.org/plugins/list-categories/

vulnerability #4

Open wschaapman opened 3 months ago

wschaapman commented 3 months ago

List categories <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Source Wordfence https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/list-categories/list-categories-04-authenticated-contributor-stored-cross-site-scripting-via-shortcode

Please check
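For readers wondering what "stored XSS via shortcode" means for a category-listing plugin, here is an added example (not the List-Categories plugin's own code; the `demo_` names are hypothetical): a shortcode handler shown in an unescaped form that exhibits the bug class, next to a hardened form that escapes each attribute for the context it lands in. Only the hardened handler is registered.

```php
<?php
/**
 * Added example, not the List-Categories plugin's own code.
 * A shortcode that wraps wp_list_categories() and takes a title and a CSS
 * class from shortcode attributes, i.e. from whatever a Contributor types
 * into the post editor. The rendered output is served to every visitor.
 * Function and shortcode names prefixed "demo_" are hypothetical.
 */

// UNSAFE: illustrates the bug class. Attribute values are concatenated
// straight into the markup, so post content controls the page's HTML.
// Shown for contrast only; it is deliberately NOT registered.
function demo_list_categories_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => 'Categories', 'class' => 'cat-list' ),
        $atts,
        'demo_list_categories_unsafe'
    );
    $out  = '<div class="' . $atts['class'] . '">';
    $out .= '<h3>' . $atts['title'] . '</h3>';
    $out .= wp_list_categories( array( 'echo' => false, 'title_li' => '' ) );
    return $out . '</div>';
}

// HARDENED: each attribute is escaped for its output context
// (esc_attr inside an attribute, esc_html inside element text), and
// values passed on to core are cast to the type core expects rather than
// forwarded as raw strings. The only HTML on the page is the plugin's own.
function demo_list_categories_safe( $atts ) {
    $atts = shortcode_atts(
        array(
            'title'      => 'Categories',
            'class'      => 'cat-list',
            'show_count' => '0',
        ),
        $atts,
        'demo_list_categories'
    );

    $out  = '<div class="' . esc_attr( $atts['class'] ) . '">';
    $out .= '<h3>' . esc_html( $atts['title'] ) . '</h3>';
    $out .= wp_list_categories( array(
        'echo'       => false,            // return the list instead of printing it
        'title_li'   => '',               // we render our own heading above
        'show_count' => (bool) $atts['show_count'],
    ) );
    $out .= '</div>';

    return $out;
}
add_shortcode( 'demo_list_categories', 'demo_list_categories_safe' );
```

Two things worth checking in any shortcode handler: that every attribute value is wrapped in the escaping function matching where it is printed (`esc_attr`, `esc_html`, `esc_url`), and that the handler returns its markup rather than echoing it, so the output passes through WordPress's normal rendering path. The fact that only Contributors and above can plant the payload limits who can trigger the bug, but the script runs in the browser of whoever views the post, including administrators.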

picandocodigo commented 3 months ago

Hi @wschaapman, thanks for reporting this. I was informed about the issue, but I haven't had time to update the plugin yet. I'll push an update as soon as possible and release a new version to address the security vulnerability.

That being said, it applies to authenticated attackers with contributor-level access and above, so at that stage the WordPress installation would already have been very compromised.

picandocodigo commented 3 months ago

Fixed in 0.5.

wschaapman commented 3 months ago

New version gives a fatal error when activated.

picandocodigo commented 3 months ago

@wschaapman I've tested the plugin on my blog and I tried activating/deactivating, removing and re-adding the plugin and haven't been able to reproduce the fatal error. Can you copy and share the error you get please? Also, what version of WordPress are you using?

Thanks!

wschaapman commented 3 months ago

When I download the plugin and do an install, a new plugin is created (the old one is also active) and the site gives a fatal error when activated, no more messages. Why don't I get a normal update message?

picandocodigo commented 3 months ago

It could be because of a clash between the two versions of the plugins. Does the message still appear if you deactivate the old version and then install and activate the new one?

wschaapman commented 3 months ago

Then it is OK. But not the normal way to update a plugin?

picandocodigo commented 3 months ago

Yes, while the plugin is being reviewed by WordPress to re-enable it, the normal update won't work. Hopefully it'll be re-enabled soon and you'll be able to update from the Admin Dashboard like usual.