We have identified and resolved a Cross-Site Request Forgery (CSRF) vulnerability on the settings page. This fix enhances the security of our application by ensuring that unauthorized requests cannot be made on behalf of a user.
Fixed:
- Resolved a Cross-Site Request Forgery (CSRF) vulnerability on the settings page.
- Fixed behaviour when uploading and downloading current images to and from Uploadcare storage.
- Autotests support.
Added:
- Bulk download files from the server.
Compatibility:
- Tested in WordPress up to version 6.5.4.