Pretty Link Plugin for WordPress has a new security update to fix a cross-site scripting vulnerability.
Pretty Link Lite Version 1.5.6 and Pretty Link Pro Version 1.5.6 were released on January 6, 2012. And according to the plugin's Changelog, the vulnerability could have affected a very small number of users.
I'm not exactly sure what they mean by “a very small number of users,” but the plugin has been downloaded 392,206 times. Last week the plugin was downloaded 10,497 times.
Although I love the functionality of this plugin and use *Pretty Link Pro, my concern is the number of “security fixes” it has listed on its changelog.
- Version 1.5.6 – Fixed a cross-site scripting vulnerability that could have affected a very small number of users.
- Version 1.5.4 – Fixed XSS Vulnerability
- Version 1.5.1 – Fixed another XSS Vulnerability and made some big security enhancements
- Version 1.5.0 – Fixed XSS Vulnerabilities
However, I am happy that the developer makes these necessary security updates.
If you're using the Pretty Link Plugin, I highly recommend you upgrade to 1.5.6 immediately.
UPDATE: January 9, 2012
Blair Williams, the developer of Pretty Link, clarified things for us in his comment:
Hey there Regina … I just wanted to clarify that we have recently been going through the code to proactively eliminate any security issues and have made some great changes to protect our users. We've also had 3 independent security audits as well which have turned up some cross site scripting issues that we cleaned up quickly.
We're trying our best to address any security vulnerabilities we find within 24 hours of verifying them — we really want our users to have the safest experience possible using our products.
As for the phrase “small number of users” … in this case it just means that a) if your site is running on a properly configured web-host you'd never be affected by these issues b) we never had any reports from our users that they had problems with these and c) I'd be very surprised if any of our users had any issues with any of these issues.
Hope that helps clarify 🙂 …
Leave Your Feedback
Are you using Pretty Link on your WordPress blog? Or do you recommend another link shortener/tracker? Have you been affected by any of the vulnerabilities from this plugin? Please leave your comment below.
* Denotes our Affiliate Link. If you make a purchase through this link, we may receive a commission. See our Disclosure.