wp-foft-loader plugin MIME type validation fix

From the screenshot of this webpage, the following key vulnerability-related information can be obtained: Plugin Directory and File: The modification targets the plugin, specifically the file . Change Set Number and Commit Information: The change set number is 3453101, committed by on February 3, 2026, at 05:15:23 PM. The version was updated to v2.1.40. Commit Description: The commit message states “SECURITY: Proper check for file & MIME type”, indicating that this change primarily addresses a security-related issue, specifically involving proper validation of file and MIME types. Code Changes: - The function was updated to include new MIME type validation logic: - Removed previous hardcoded assumptions for and file types, replacing them with actual file extension extraction using . - Introduced an array containing permitted file extensions ( ), and used to retrieve the actual MIME type of the file. - Added an array containing permitted MIME types: , , , . - Implemented checks to ensure the file’s actual MIME type is within the allowed MIME types list and that the file extension matches the allowed extensions. This change helps prevent security issues caused by improper MIME type validation, such as file injection attacks or other exploits stemming from incorrect file type handling.

Goal Reached Thanks to every supporter — we hit 100%!

wp-foft-loader plugin MIME type validation fix