Security Release: PeepSo 2.2.4 & Gecko Theme 2.2.4.0

This security release is recommended for everyone using the file uploads feature in the Audio & Video plugin.

Audio & Video file upload vulnerability

A few days ago it was brought to our attention that the Audio Uploads feature allows uploading other file types. According to preliminary research, files such as PHP or HTML were not going through, which meant the severity of the issue is rather low.

After some more digging we were able to replicate the issue on some browsers combined with certain server setups. As far as we know there is no meaningful way to exploit this by uploading malicious files, nevertheless we decided to tighten up the security just in case and release it as PeepSo 2.2.4.

Other Changes

No other changes were introduced in the Gecko theme nor any other PeepSo plugin, as this version is only shipping a patch to the aforementioned issue.

If you’re not using Audio & Video uploading features you can skip this release and wait for PeepSo 2.2.5. It should come out next week according to our regular two week release cycle.

Brought to you by Matt Jaworski

I am a professional nerd with **over fifteen years of experience** in the field of Open Source web development. Before [PeepSo](https://PeepSo.com) I was a contractor and have helped build successful businesses around the world, including USA, UK, Germany, Indonesia, and Malaysia. A couple of years leading up to founding PeepSo, I was involved with JomSocial – a social networking extension for Joomla. Stepping up from the role of a contractor to a business owner, I became [PeepSo](https://PeepSo.com) founder and Chief Technology Officer. I strive to build beautiful, fast, and functional software that **empowers users to build their own digital tribes with full autonomy and freedom** often not available on mainstream social networking media. In 2022 I launched [EmeraldWP](https://EmeraldWP.com) which acts as an umbrella for my other projects such as ListoWP, Widget Shortcode Pro, and MomentsWP.