WP-Cumulus 1.22 fixes a security hole, please upgrade!

Yesterday, Thomas Scholz alerted me to a security weakness in WP-Cumulus. He noticed XSS hacking attempts targeted at wp-cumulus.php that could, in rare cases, allow malicious code to be executed. This issue has been fixed in version 1.22, and I strongly recommend you upgrade straight away. It’s better to be safe than sorry, and the attack has already been seen ‘in the wild’.

WP-Cumulus can be downloaded here, but chances are your blog will notify you of the new version and allow you to upgrade automatically.


  1. Thanks for the update, but could you please make use of the new changelog standard from now on? It’s so helpful if one can just look into one central place for the changes done.



    Comment by GhostLyrics — September 27, 2009 @ 11:14 pm

    • Hi GhostLyrics. I was planning to support changelogs, but I wanted to push this update out as soon as I could. I’ll be sure to use the new format in 1.23.

      Comment by Roy — September 29, 2009 @ 9:22 am

  2. I care about when and how it can support Chinese characters?
    I am Chinese, and I translate it a little.

    Comment by 叶子 — September 28, 2009 @ 4:50 pm

  3. Link: Cumulus – Un plugin Javascript à la wp-cumulus | LudiBlog
  4. Link: WP Cumulus更新至1.22 – 米蟲的國度
  5. Hello Roy,
    Thanks for your security alert, we all like this charming plugin. And we are waiting for the version 1.23

    Comment by Sherman — October 2, 2009 @ 5:08 am

  6. Link: WP-Cumulus is now a team effort | Roy Tanck's weblog
  7. Does it support Hebrew?

    Comment by סין — October 28, 2009 @ 11:34 pm

    • Languages other than Latin still require you to edit the swf. We’re hoping that will soon change though.

      Comment by Roy — October 29, 2009 @ 11:53 am

  8. Link: WP-Cumulus updated to address yet another security issue | Roy Tanck's weblog