SECURITY RELEASE: PeepSo & Gecko 3.7.0.0

Fixes an issue where non-administrative users could find a way to perform administrative front-end tasks such as editing other users’ posts, avatars, covers etc.

Security improvements

More privilege-related bugs fixed

Following the privilege escalation bug patched in 3.6.0.2, we ran some additional code review and found more security-related issues. They all share the same root problem: a non-administrative user could perform front-end PeepSo administrative tasks such as editing the posts, avatars, and covers of other users.

Since there is no permanent privilege escalation and the problems are contained within specific front-end functionalities, these are not as severe as the previous one, so the fixes will only be available in 3.7.0.0 and later releases, without backports or patches for older versions.

Lowered system requirements

This release reintroduces support for WordPress 5.4 and PHP 7.2 in an effort to make upgrading to latest PeepSo versions more inclusive and easier for everyone. We have decided staying on outdated PeepSo has more disadvantages than outdated PHP.

We still strongly recommend upgrading at least to PHP 7.4 and the latest WordPress, but as of 3.7.0.0 PeepSo will work with PHP 7.2 and WordPress 5.4 again. So if for some reason you are stuck on the old versions, the latest PeepSo will run on them again.

More flexible pricing

To make sure as many people as possible can upgrade to the latest & safest PeepSo, we have enabled a “no subscription” checkout option – you can now buy a yearly license without committing to automatic renewals. Combined with this year’s price cut we hope more people will stay updated, so that we can all feel safer. You can now get PeepSo for as low as $99 for the Basic Bundle, followed by $199 for Starter and $299 for Ultimate. And all our Bundles contain the Gecko theme for free. Check our pricing to learn more.

We also introduced non-recurring five year licenses featuring some very attractive pricing (pay 3 years, get 2 extra for free).

Friends & AutoFriends

Maximum amount of friends

There is a new configuration tab in PeepSo Configuration: Friends. It contains a new setting “maximum amount of friends“. The default number is 200 and you can customize the limit, keeping in mind that excessive friendship connections might result in degraded performance.

AutoFriends is no longer a standalone plugin

The AutoFriends plugin was merged into the Friends plugin. Starting with PeepSo 3.7.0.0 there is no need to have AutoFriends enabled. If you are on Starter or Ultimate bundle, it means one plugin less for you, and if you are on Basic, it means a new free feature.

The configuration options for AutoFriends are in the same Friends config tab. The aforementioned friends limit will apply to AutoFriends as well.

The Friends configuration tab now houses both the “Maximum amount of friends” and all AutoFriends features.

Other improvements

TranslatePress

We are currently working on TranslatePress compatibility to achieve at least partial multilingual capability. PeepSo 3.7.0.0 works well with TranslatePress, and we have improved styling of the Gecko primary menu, were it to contain the TranslatePress language switcher.

The majority of features work fine, but notifications are generated in the wrong language (the language of the sender, not the receiver). Improving that will take us a long time, as we need to introduce a notification system that is translated when displayed, not when generated.

Chat

If you encounter an issue where one of the parties in a conversation does not see the messages, please make sure to deactivate and reactivate the Chat plugin after updating. The plugin needs to run some housekeeping on its database tables. After that is done, the feature should start working fine for new messages.

Paid Memberships Pro

The recent PMP update introduced an admin JavaScript file which indiscriminately hides form fields in the admin section of the site, including fields that do not belong to PMP. That causes all PeepSo config options to disappear. We introduced a hot-fix which forces WordPress to dequeue the PMP JavaScript from pages belonging to PeepSo.
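
The scoped dequeue described above could look like the following. This is an added example, not PeepSo's own code; the script handle and the page-slug prefix are hypothetical placeholders, since the page names neither.

```php
<?php
// Added illustration, not PeepSo's code. Both constants are hypothetical placeholders.
const OFFENDING_SCRIPT_HANDLE = 'third-party-admin-js'; // placeholder: handle the other plugin enqueues
const OWN_PAGE_PREFIX         = 'myplugin';             // placeholder: prefix of this plugin's admin page slugs

add_action('admin_enqueue_scripts', function () {
    // Plugin admin screens are selected with ?page=<slug>; the value is only compared, never echoed.
    $page = isset($_GET['page']) ? sanitize_key(wp_unslash($_GET['page'])) : '';

    // Leave every other admin screen untouched so the other plugin keeps working on its own pages.
    // strpos() rather than str_starts_with() keeps this compatible with PHP 7.2.
    if ($page === '' || strpos($page, OWN_PAGE_PREFIX) !== 0) {
        return;
    }

    // Remove the script only if it was actually enqueued for this request.
    if (wp_script_is(OFFENDING_SCRIPT_HANDLE, 'enqueued')) {
        wp_dequeue_script(OFFENDING_SCRIPT_HANDLE);
    }
}, PHP_INT_MAX); // latest priority: run after the other plugin's own enqueue callback
```

Scoping the dequeue to the plugin's own pages matters: removing another plugin's script site-wide would break that plugin's admin screens.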

Brought to you by PeepSo Team Matt Jaworski

Comments

@peepso_user_39541(Dirk Vervoort)
I'm not very happy with all those updates today. Since the last two updates there is a problem with PeepSo's operation. I made a ticket, but the workers don't want to view the problem because multisite is activated on my main site, but it isn't being used yet. When passing on the account details, PeepSo looks at data on my site that are not related to the problem, and I have now blocked access for PeepSo technicians.
So I will not extend my subscription and certainly not expand to the 5 annual Ultimate subscription for 5 sites, because I don't get support for problems within the PeepSo program!
August 17, 2021 1:50 pm
@peepso_user_10(Matt Jaworski)
@peepso_user_39541(Dirk Vervoort) I'm sorry you feel that way, but we do not support multisite even if it's "not used". If it's enabled we are unable to render tech support, that has always been the support policy.
August 17, 2021 10:30 pm
@peepso_user_14236(Justin Ormerod)
I have the ultimate bundle. Should I uninstall the AutoFriends plugin and if so then is there any action to take first?
August 17, 2021 3:29 pm
@peepso_user_10(Matt Jaworski)
@peepso_user_39541(Dirk Vervoort) we configured threads to be collapsed on our pinned posts, which might lead to misunderstandings 😉
@peepso_user_39541(Dirk Vervoort)
@peepso_user_10(Matt Jaworski) I understand what happened. Thank you.
August 18, 2021 7:40 am