CampusPress made a few updates in January. They are listed below, along with the changes each one introduced.
January Plugin Updates
CampusPress has released updates and fixes to a few plugins offered on WordPress sites. They have also made minor fixes to the CampusPress Flex website theme, which all SHU sites use.
Plugin Updates:
- Google Calendar (using Simple Calendar plugin): Fixes an issue with the drop-down menu not working in the Google Calendar widget when it is added using the new block editor widget interface. The Simple Calendar widget has been renamed to the Google Calendar widget.
- Jetpack: Upgrade from 9.6.1 to 10.4.
- Privacy: Bug fix for password-protected sites, where both the username and password fields were loading after the WordPress upgrade. Now only the password field loads.
Theme Updates:
- CampusPress Flex: Fixed possible issues on main site admin area and added some improvements to directory functionality.
WordPress Security Update
On January 7, all CampusPress sites were updated to WordPress version 5.8.3. The last major WordPress update before this was in late December. This update focused on four major security vulnerabilities, which are listed below:
Security Updates
- Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
- Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
- Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
- Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).