Well, This version fixes some issues. Does not fix others (Yes, anonymous translation is enabled by default, if you wish – turn it off, it is your call, not a security problem). Also, an editor *SHOULD* be able to see which people created translations before him in the translation log. This is not an “information disclosure” but rather a feature, very similar to your ability to see who wrote a post on your site. If you don’t want it, just don’t allow anyone other than admin to translate and you are “safe”.
This version also fixes the XML sitemap issue, since they have upgraded a minor version (4.1.4 to 4.1.5) yet changed everything internally (mixed case to camel case, not too important, but still, a breaking change).
Another important thing, I will no longer be using wordpress.org, I honestly believe that I don’t work for them. I really don’t trust and confide in them, and this is final. New releases will be here, if the plugin update mechanism works on your site you will be able to upgrade. I will also soon remove the .1 ending from versions, since there will only be one version.
If you have anything to say to me, please use the contact form here, I will probably answer in due time. Commenting on those posts also work.
Good luck and have fun using this version.
The transposh.org wordpress plugin showcase and support site
Unfortunately version 1.0.9 stopped showing translations for me. When permalinks are enabled, it just redirects to the original URL. If permalinks are disabled, it just shows the english version. Rolling back to 1.0.8 fixed it.
Naturally this should not happen, please contact me via support so that I can test this.
I’m also having this issue. I’ve sent you an email through your contact form.
I replied, my guess is that there is broken html om your site and the parser fails.
It is really a very good module and it is a shame that it is lost because in many places it warns of Vulnerability and the author does not want to update the information and the download link in WordPress (for legitimate issues that I don't know about), which would inform other systems that this vulnerability does not exist.
This to many users to not install the plugin.
I can not, and will not update this on wordpress.org, I no longer have access there, nor do I want my access there restored. If you wish, post on the forum there that a new version exists.
I still think it's a mistake. And that hurts Plesk users (i de WordFence). I was one of those who was about to donate to you or even buy a license, if it were possible, because the module is very good, but if in the Plesk installations I get the error every time “WordPress Transposh WordPress Translation plugin <Permanent Link 1.0.8.1 – Sensitive Information Disclosure vulnerability" i "WordPress Transposh WordPress Translation plugin <Permanent Link 1.0.8.1 – Unauthorized Settings Change vulnerability " my customers are not happy.
If you don't have a way to report that your module is not vulnerable, WordFence does not update it in its database. Think about what you are doing, please. I think it is hurting you and many others as well.
Hi,
Again, my hands are tied here, nothing much I can do. regarding your clients, you may simply change the directory name of the plugin, this will probably remove said notice.
Also, naturally – wordfence is wrong here, since the version is higher. You may also attempt to explain this to your clients.
Good luck.
Ok. Thanks.