FES 1.3.5 Security Release

An update for the front-end submissions extension was released today. This update includes a fix for a security vulnerability relating to Event thumbnails.

Only sites allowing users to upload an event thumbnail are affected. The bug allows users, under certain circumstances, to circumvent the upload file type and size checks.

Such files are still subject to the size limits imposed by WordPress. Furthermore, by default, WordPress will not execute uploaded files.

You are strongly advised to update to 1.3.5, and to check for any potentially malicious files attached to submitted events.