WP Sudo 4.1.0 — security hardening #115
dknauss
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Security-hardening release. Requires WordPress 6.4+, PHP 8.2+.
admin_init+ login-session binding of the sudo proof (fix(gate): close two action-gating completeness gaps (CVD) #102); REST effect-level backstop for custom routes (feat(gate): REST effect-level backstop + audit methodology (deferred #102 follow-ups) #104).grant_super_admin, so it covers REST/AJAX/unauthenticated paths. Filterswp_sudo_guard_escalation/wp_sudo_allow_escalation, constantWP_SUDO_ALLOW_ESCALATION, high-severitywp_sudo_escalation_blockedevent. Known limits: runtimeuser_has_cap/map_meta_capgrants and direct$wpdbwrites are not caught (feat(security): role-aware admin-escalation guard with App-Password policy deference #111).Full notes: see CHANGELOG.md (## 4.1.0).
This discussion was created from the release WP Sudo 4.1.0 — security hardening.
Beta Was this translation helpful? Give feedback.
All reactions