This topic contains 3 replies, has 2 voices, and was last updated by Ernest Marcinko 6 years, 7 months ago.
- September 11, 2017 at 10:29 am #14639
Hi Ernest,
We ran Code Scanner through a WordPress Security Plugin and received the following, specific to your Plugin:
Vulnerability found
Code Scanner found Cross Site Scripting (XSS) vulnerability. An attacker can exploit this!: 29
<div class="errorMsg">This search instance (id=<?php echo $_GET['asp_sid'] ; ?>) does not exists.</div>
Vulnerability found
Code Scanner found Cross Site Scripting (XSS) vulnerability. An attacker can exploit this!: 106
<div id="wpdreams" class='wpdreams wrap' style="min-width: 1280px;" data-searchid="<?php echo $_GET['asp_sid']; ?>">
The Plugin author suggests this vulnerability to be removed ASAP.
Thanks.
September 11, 2017 at 10:53 am #14640
Hi!
Thank you very much for reporting this back to me!
I will look into this in more detail, but fortunately this is only a back-end accessible file inclusion. Basically only the logged-in administrator could maybe do something with it; it is not accessible to anyone else. Nevertheless, I will definitely change it, just in case.
Best,
Ernest Marcinko
If you like my products, don't forget to rate them on codecanyon :)
September 11, 2017 at 10:56 am #14641
Pleased to be helpful.
Thanks.
September 11, 2017 at 10:57 am #14643
You cannot access this content.
Best,
Ernest Marcinko
If you like my products, don't forget to rate them on codecanyon :)
The topic ‘Plugin Security Vulnerability’ is closed to new replies.