Contributed by: Dirk on Sunday, May 02 2010 @ 04:45 am EDT
Last modified on
The Forum plugin 2.7.3[*1] addresses a security issue where an XSS was possible in anonymous usernames, reported by Jaloh Smith.
To upgrade from version 2.7.2, you only need to replace 3 files:
Then simply run the upgrade from Geeklog's Plugin admin panel.
If you don't care about the version number, you can simply replace createtopic.php. As a short-term measure, you can also disable posting for anonymous users entirely: In the Forum's admin panel, select the Settings tab and set the option "Do you need to be registered to create posts" to "Yes".