This update has been released as our plugin was put down due to a security vulnerability. But we acted on it very quickly and pushed a more secure update within a couple of days and now the plugin is back online.
As a lead developer, I did a meeting with my development team and told them to stop working on the update cycle and read the ‘PHP Coding Standards’ at PHP coding Standards from WP and run these rules at WordPress Coding Standards to make sure that we follow the WordPress coding standards.
Here are things which we’ve fixed in this update:
- Added wp_nonce wherever required for WordPress’s security tokens and to protect URLs & forms.
- Improved Facebook Instant Article and Analytics sanitizers.
- ABSPATH (Absolute Path) code added to improve and avoid security issues.
- User privileges added wherever required to have the proper permission.
- Overall code improvement to resolve XSS security issues.
- Removed unused code & files.
- Credits and license added for AMP by Automattic, Merlin, Aqua-Resizer & TinyMCE.
Also, we thank all our users for their cooperation and support when our plugin was not online, as now our plugin is back online we wish all our users a great AMP experience.
As always, You keep giving the feedback and we will keep implementing them!