GD Rating System Pro 2.1.1 is a new, minor version that includes a number of updates and fixes, including a fix for a low severity XSS (cross-site scripting) security issue.

This version includes updated code for validating rating item requests, updates to the posts addon, and additional protection for all form files against direct loading. As for the fixes, a few issues with badge/symbol rendering are fixed, and some log issues related to the 'emote this' method are also fixed.

The most important fix is for a low severity XSS security issue. The file log.php in the 'forms' folder was not properly filtering one query argument, allowing JavaScript code to be executed. In this case, the XSS issue can't cause any damage, but all security issues must be fixed, so this problem is fixed and changes are made to prevent potentially similar problems in the future.

If you find any issues with the plugin, please use the support forum to report them.

About the author

MillaN
Dev4Press owner and lead developer

Programmer since the age of 12 and now WordPress developer with more than 8 years of WordPress experience, author of more than 100 plugins and more than 20 themes.

GD Rating System Pro
Powerful, highly customizable and versatile ratings plugin to allow your users to vote for anything you want. Includes different rating methods and add-ons.

5 Comments

  1. suge1w says:

    Thanks for this release Milan.

    Any news on the aggregation?

    1. MillaN says:

      This is planned for next major version 2.2.

      1. suge1w says:

        Thank you Milan.

  2. salispahic says:

    Hi Milan

    Where can I find documentation on how to use it with REST API?

    Cheers

    1. MillaN says:

      Open the Help area on the WP Rest API settings page in the plugin settings; there you can see all added endpoints. Also, from the Rating Items panel, for each item you can see a link to open the WP Rest API URL for that item.

