Skip to content
/ wp-yadisk-files Public

[PROJECT ARCHIVED, DO NOT USE IN PRODUCTION] This plugin is created for easy adding files from Yandex Disk service to posts or pages of your wordpress site.

4 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

antongorodezkiy/wp-yadisk-files

BranchesTags

Repository files navigation

The project is ARCHIVED and no longer maintained.

jQuery-File-Upload dependency can be vulnerable.

Please use on your own risk.

Please also note the following info about https://github.com/blueimp/jQuery-File-Upload plugin, which is included into the plugin (I received it from Igor Debatur, https://uploadcare.com/ ):

[...] a major security issue that affects websites and applications using the Blueimp jQuery File Upload library, which is used by your wp-yadisk-files repository.

Publicized on October 18th by the Akamai Security Intelligence Response Team and given the id CVE-2018-9206 soon thereafter, this vulnerability allows attackers to trigger remote code execution.

If you have not recently updated this library, you are very likely to be at risk of having your website or application compromised. The fix is to upgrade to the latest version and ensure that your Web server is configured to not execute files in the upload directory.

The exact details of who is affected and how to fix the vulnerability can be read here.

About

[PROJECT ARCHIVED, DO NOT USE IN PRODUCTION] This plugin is created for easy adding files from Yandex Disk service to posts or pages of your wordpress site.

Topics

php wordpress wordpress-plugin

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages