Dear FoxyPress Users,
We were alerted to some security vulnerabilities by a user. Typically we like to have these presented to us before they hit the public, but these were not, so we had to act quickly. We were alerted yesterday morning of them and today they are fixed.
The majority of the vulnerabilities were issues that a user had to be logged into WordPress to achieve, so they weren’t something that a hacker could act upon without first getting WP access, but they were important just the same. The full list can be found here if you’d like to view it: http://www.waraxe.us/advisory-95.html. It will most likely look foreign to a majority of users, so if you have any questions, please reply and ask!
The good news is we were able to resolve them all and submit a fix to WordPress so you can download the patch and be secure. For the clients that we support directly, we are going to log in and update FoxyPress for you. For the clients that we do not support directly, we would be happy to help out in whatever way we can if you have questions about updating. Here is the process for how you should upgrade if you have not already:
1. Login to WordPress
2. Click on the Updates tab under “Dashboard”.
3. Update to 0.4.2.7 FoxyPress.
The update should run and your installation will have all the necessary updates. If you would like a direct link to the new files instead, you can go here: http://downloads.wordpress.org/plugin/foxypress.zip
We take your security extremely seriously and this is why we have fixed the issues with great speed. We are hopeful that you can let us know if you experience any issues in the future and we are available to answer any questions you might have.
Thanks for using FoxyPress