Subscribe: RSS
  • The MODx Evolution 1.0.3 release addresses a number of reported security vulnerabilities with previous MODx Evolution 1.0.2 and earlier releases:

    • XSS possibilities with the SearchHighlight plugin (used by AjaxSearch) as reported in JVN#19774883 and JVN#46669729
    • Unwanted information disclosure about the site structure in the TinyMCE plugin
    • SQL Injection via WebLogin

    We strongly recommend that anyone running previous versions of MODx Evolution (including 0.9.x releases) consider Evolution 1.0.3 a mandatory upgrade.

    Ddownload MODx Evolution 1.0.3:

    Details of other improvements introduced in the 1.0.3 release can be found here:,47756.0.html
      Ryan Thrash, MODX Co-Founder
      Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at

    This discussion is closed to further replies. Keep calm and carry on.