Greetings FoxyPress Users,

We’ve modified the plugin in a few areas, but added a cool new feature. We found the Easy Zoom Image jQuery library and decided to offer it as an option in addition to Colorbox or the simple image change. Your WP 2013 theme can look like this right after downloading FoxyPress and configuring a few simple things.

Lastly, here is the changelog

• Update: We fixed a couple of places we had “wp-content” hard coded. This was hindering certain security plugins from working.
• Bugfix: Validation for adding items with options where many products exist on a single page was not functioning. Single product view was fine.
• Bugfix: Ajax file for status management had some concatenation issues regarding line breaks.

Thanks for using FoxyPress and don’t forget to inquire in our forum with any questions you might have.

Dear FoxyPress Users,

We have fixed a few issues with the plugin that were causing you headaches I’m sure. Good news is we have a team member that is going to be taking on FoxyPress updates more regularly. We are looking at our  UserVoice forum for feedback to implement. We have the primary category addition complete, but need to do some final testing before releasing to you all.  Let us know if you’re interested in being a beta tester. We’d love to have you help us find bugs before we go to production.

1. * BugFix: #5 – Addressed URL verification for redirect URL in the foxypress-affiliate.php file. The url is being checked with esc_url.
2. * Update: WordPress 3.5 Media Upload fix.

Here is the process for how you should upgrade if you have not already:

1. Login to WordPress
2. Click on the Updates tab under “Dashboard”.
3. Update to 0.4.2.7 FoxyPress.

Thanks for using FoxyPress

Greetings FoxyPress Users,

We had some security vulnerabilities brought to our attention.  We would strongly encourage that you email us directly at admin@foxy-press.com if you find a security vulnerability.  We are going to create a form specific to these inquiries, but in the mean time, we would like to stress that we are extremely concerned for our user’s security and overall site health. If you find something that would create a vulnerability for these users, do not spread word of it. Talk to us and we will resolve it and keep the community safe.

We are working through this list provided by Waraxe. Unfortunately these issues were not brought to our attention in private, but instead spread across the internet, so now we are fighting them in real time.  Regardless of the fact that we do not approve of how the issues were brought to us, we are thankful that these were found out and we can address them.  We are working as quickly as possible to patch these.

• #1 – Addressed file extension issue. Upload cannot occur unless it is a valid extention (.jpg,.jpeg,.gif,.png,.zip)
• #2 – The table name is now a part of the documenthandler.php instead of being passed by POST variables
• #3 – Row is queried before assigning variables to the page. ID is checked for numeric as well. User is redirected if invalid.
• #4 – ID is checked for is_numeric before querying.
• #5 -
  • case 1: checked for valid ORDER inputs.
  • case 2: checked for valid banner ID, redirect with warning message if not found.
  • case 3: checked for valid affiliate ID, redirect with warning message if not found.
• #19 – protected the ajax.php file with a check for if the ABSPATH is defined.

With all of this said, we appreciate your patience in us fixing these issues and we should have another update out shortly that will address the rest of the issues. Please upgrade to the latest version of FoxyPress: 0.4.2.6 from the WordPress repo or from the upgrade in WordPress.

Thanks,

FoxyPress Team