Store Locator Plus® 5.9 was released last week as a security update for the WordPress plugin community. The plugin was reviewed by the WordPress Directory staff. They chose to keep the plugin closed for what they deemed “potential future issues” with the plugin as well as requests for several changes to follow what they deem “best practices”. Of note in this review is that they did not cite any of the publicly reported vulnerabilities that closed the plugin in the first place as remaining open.
In other words, all reported vulnerabilities were apparently addressed to their satisfaction.
However, they have opted to keep the plugin closed until we can update our coding style. While we are willing to work toward their new “best design practices” for coding style, this is going to take some time. For example, the latest 5.10.1 release of the Store Locator Plus® plugin has replaced the PHP standard <?= shorthand with the longer <?php echo syntax per the WordPress Plugin Directory Team’s request. Not a security issue, but something they requested we change before being re-listed. This requires that we run a full internal test if the updated code before it can be released to the general public.
While we wait for the WordPress Plugin Directory Team to approve re-listing, our self-managed WordPress plugin users can only receive updates to the Store Locator Plus® plugin. You can find this in the WordPress plugin store. You can learn more about the update process in our 5.9 Security Update Released news post.
While we hope that the folks over at WordPress.com deem our plugin worthy of being re-listed in the near future, we have no control over what they will come back with during each review. It could be weeks or months before the plugin is available again in the standard directory with one-click updates being available.
This is one of the biggest advantages to being on the SaaS offering, no need to manually update your locator software. EVER.