The FeedBurner Feedsmith plugin for WordPress which consolidates all of your WordPress RSS Feeds into one, has undergone a small security update. According to Feedburner, older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” This permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel.
Feedburner recommends downloading the latest version of the plugin, FeedSmith V2.3 as this version ensures that the only person who can change FeedSmith settings is the administrative account that is signed into your WordPress account.
Here are the directions to update your plugin.
- Download version 2.3 of the plugin.
- Sign in to your WordPress admin control panel.
- Under Plugins, locate the current FeedSmith plugin, and click “Deactivate.”
- Copy the plugin file, FeedBurner_FeedSmith_Plugin.php into your default WordPress plugin directory, wp-content/plugins/
- Reactivate the plugin by logging in to your WordPress administration area, clicking Plugins, then clicking Activate at the end of the “FeedBurner FeedSmith” row.
At the end of this process, v2.3 will be active and will use your existing feed redirection settings; there is no need to re-enter them. You will also be protected against any potential request forgery attack.