Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29431: Remove CPT base

Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base.

CVE
Open in Source
#csrf#vulnerability#wordpress#ssl
  • Details
  • Reviews
  • Installation
  • Support
  • Development

Remove custom post type base slug from url

  • possibility to select specific custom post type(s)
  • auto redirect old slugs to no-base slugs
  1. Upload remove-cpt-base directory to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

I easily removed the services slug from the link

Very simple plugin, but works perfectly! 🎉

A simple but efficient plugin that works like charm… 🙂

couldnt get the slug remove done with custom code on one particular site for whatever reason … but this little thing works flawlessly! thanks - please keep it up!! 🙂

Read all 18 reviews

“Remove CPT base” is open source software. The following people have contributed to this plugin.

Contributors

  • kubiq

5.9

  • added nonce and security checks

5.8

  • tested on WP 5.9

5.7

  • tested on WP 5.5
  • minor fix

5.6

  • tested again with WPML, Polylang and Custom Post Type Permalinks and fixed

5.5

  • tested on WP 5.5
  • another fix for Custom Post Type Permalinks plugin

5.4

  • enable previews for CPTs without base

5.3

  • make it works with WPML
  • make it works with Polylang
  • make it works with Custom Post Type Permalinks plugin

5.2

  • tested on WP 5.4

5.1

  • removed auto-prevent slug duplicates
  • removed debug mode
  • removed remove_cpt_base_skip filter
  • use default WP function instead of custom
  • make it works for custom rewrite slugs
  • prioritize page and post like WP does

5.0

  • YOU HAVE TO SAVE YOUR SETTINGS AGAIN, because:
  • added alternation option for each post type separately
  • added debug mode

4.8

  • fix alternative CPT children solving for nested children

4.7

  • alternative CPT children solving

4.6

  • fix server port redirect

4.5

  • make it works for WP installations in directory

4.4

  • minor changes

4.3

  • fix for some endpoints and make sure post is not interpreted as attachment

4.2

  • fix for hierarchical CPTs on some servers

4.1

  • make it works for posts interpreted like category by WP

4.0

  • tested on WP 5.2
  • make it works for hierarchical post types and different permalink structures
  • going back to ‘pre_get_posts’
  • optimize generating slug for duplicate names

3.3

  • change HTTP code from 404 to 200

3.2

  • fix for query strings

3.1

  • add custom endpoint rewrites support

3.0

  • stop using complicated ‘pre_get_posts’ and handle 404 instead

2.3

  • tested on WP 5.0

2.2

  • fix 404

2.1

  • fix redirect loop in WPML and WooCommerce

2.0

  • stop using .htaccess rules

1.2

  • auto init after permalinks updated

1.1

  • add uninstall hook
  • add duplicate slug check
  • minor updates

1.0

  • First version

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE