16 October 2023
ClassicPress version 1.7.1 is now available (security release).
Upgrading to ClassicPress 1.7.1
You can upgrade to (or install) ClassicPress 1.7.1 using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply ClassicPress updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing ClassicPress install and test the 1.7.1 upgrade before applying it live. Get started managing your ClassicPress installations with Installatron.
What's New in ClassicPress 1.7.1
- Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
- Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
- Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
- John Blackbourn (WordPress Security Team), James Golovich, J.D Grimes, Numan Turle, and WhiteCyberSec for each independently identifying a way for logged-in users to execute any shortcode.
- mascara7784 and a third-party security audit for identifying an XSS vulnerability in the application password screen.
- Jorge Costa of the WordPress Core Team for identifying an XSS vulnerability in the footnotes block.
- s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.