One of the changelog entries for the latest version of Advanced Woo Search is “Dev – Update security checks”. That description isn’t entirely accurate as when we looked into what was changed we found that security checks were previously missing and had in fact been added, not updated, in the new version. At least from our quick check over it looks the most serious issue fixed by that change was that there was previously a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability on the plugin’s settings page.

…

[Read more]