This security release is recommended for everyone using the file uploads feature in the Audio & Video plugin.
Audio & Video file upload vulnerability
A few days ago it was brought to our attention that the Audio Uploads feature allows uploading other file types. According to preliminary research, files such as PHP or HTML were not going through, which meant the severity of the issue is rather low.
After some more digging we were able to replicate the issue on some browsers combined with certain server setups. As far as we know there is no meaningful way to exploit this by uploading malicious files, nevertheless we decided to tighten up the security just in case and release it as PeepSo 2.2.4.
Other Changes
No other changes were introduced in the Gecko theme nor any other PeepSo plugin, as this version is only shipping a patch to the aforementioned issue.
If you’re not using Audio & Video uploading features you can skip this release and wait for PeepSo 2.2.5. It should come out next week according to our regular two week release cycle.
Reactions & comments
Due to increased security measures, you can now only log-in using your e-mail address.
If you do not remember your e-mail address, send us an email at support@peepso.com
Comments
The following PeepSo add-on plugins are incompatible with PeepSo Foundation 2.2.4. Please update PeepSo Foundation and the add-on plugins to avoid conflicts and issues.
Core: Audio & Video (2.2.3)
Extras: AutoFriends (2.2.3), Email Digest (2.2.3)
Core: Polls (2.2.3)
Extras: User Limits (2.2.3), VIP (2.2.3), WordFilter (2.2.3)
Core: Friends (2.2.3), Groups (2.2.3)
Monetization: LearnDash (2.2.3)
Core: Chat (2.2.3), Photos (2.2.3)
Monetization: WooCommerce (2.2.3)
Are all the others going to be updated soon?