Still using version <2.4? Please update as soon as possible!

Posted on 10 July, 2012



As written in the changelog of v2.4, my plugin was audited by the City of Vienna and a few days later used on – an official Viennese site monitoring e-participation projects. During this security audit, several security issues were fixed.

I didn't disclose the details of these bugs (although you can reconstruct them through GitHub), but now I noticed that Secunia published an advisory confirming the fix of these security issues. A few hours later, I received a Google alert from a hacking archive, giving instructions on how to exploit those security issues which were fixed with v2.4.

So if you still use Leaflet Maps Marker with a version smaller than 2.4, I strongly advise you to update the plugin immediately.

Security was a big concern for me from the beginning of the development of this plugin. I tried to include every WordPress security best practice I read about – from nonces for forms to prepared statements and input/output validation. Nevertheless, security is a process and I will try to further improve the quality of the plugin, so that it is not only easy but also safe to use.

Any feedback is welcome!