Bad Behavior 2.2.19 has been released. This is a security release affecting WordPress users, who should update as soon as possible.
The following changes have been made since 2.2.18:
- WordPress: In certain circumstances, a cross-site scripting attack was possible via the Bad Behavior Whitelist options page. This issue has been fixed.
- WordPress: Protection from cross-site request forgery (WordPress nonces) has been added to the Bad Behavior Whitelist and Bad Behavior Options pages. This covers cases where Bad Behavior’s built-in CSRF protection is disabled or ineffective.
These issues were reported by Plugin Vulnerabilities.
Just as a reminder, if you use CloudFlare on your site, you must enable the Reverse Proxy option in Bad Behavior’s settings, or many of your visitors and search engines will be blocked.