Plugin Security Vulnerability


This topic contains 3 replies, has 2 voices, and was last updated by Ernest Marcinko 6 years, 7 months ago.

  • #14639
    Skillsrenew
    Participant

    Hi Ernest,

    We ran Code Scanner through a WordPress Security Plugin and received the following, specific to your Plugin:

    Vulnerability found
    Code Scanner found Cross Site Scripting (XSS) vulnerability. An attacker can exploit this!: 29
    <div class="errorMsg">This search instance (id=<?php echo $_GET['asp_sid']; ?>) does not exists.</div>
    Vulnerability found
    Code Scanner found Cross Site Scripting (XSS) vulnerability. An attacker can exploit this!: 106
    <div id="wpdreams" class='wpdreams wrap' style="min-width: 1280px;" data-searchid="<?php echo $_GET['asp_sid']; ?>">

    The Plugin author suggests this vulnerability to be removed ASAP.

    Thanks.

    #14640
    Ernest Marcinko
    Keymaster

    Hi!

    Thank you very much for reporting this back to me!

    I will look into this in more detail, but fortunately this is only a back-end accessible file inclusion. Basically only the logged-in administrator could maybe do something with it, it is not accessible for anyone else. Nevertheless I will definitely change it, just in case.

    Best,
    Ernest Marcinko

    If you like my products, don't forget to rate them on codecanyon :)
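
Added example, not part of the thread and not the plugin's own code: the two flagged lines print $_GET['asp_sid'] into HTML without escaping, and one way to harden them is to accept the value only as an integer ID and escape it at output. The function names and $known_ids are hypothetical; the block is plain PHP so it runs without WordPress, where absint(), esc_html() and esc_attr() are the usual equivalents.

```php
<?php
// Added example (not the plugin's code). All names below are hypothetical.
// $known_ids stands in for the plugin's own lookup of existing search instances.

/** Accept asp_sid only as a short, positive decimal ID; null otherwise. */
function parse_search_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null; // arrays, empty strings, signs, markup, oversized values
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Escape for HTML text and quoted-attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened counterpart of the two lines the scanner flagged (29 and 106). */
function render_panel(array $query, array $known_ids): string
{
    $sid = parse_search_id($query['asp_sid'] ?? null);
    if ($sid === null) {
        // Rejected input is never reflected back into the page.
        return '<div class="errorMsg">Invalid search instance id.</div>';
    }
    $safe = h((string) $sid); // escape at output even though it is an int
    if (!in_array($sid, $known_ids, true)) {
        return '<div class="errorMsg">This search instance (id=' . $safe . ') does not exist.</div>';
    }
    return '<div id="wpdreams" class="wpdreams wrap" style="min-width: 1280px;" '
         . 'data-searchid="' . $safe . '">';
}

// Constructed sample query strings, as PHP would expose them in $_GET.
$samples = [
    ['asp_sid' => '3'],            // existing instance
    ['asp_sid' => '42'],           // well-formed but unknown instance
    ['asp_sid' => '3"><b>x</b>'],  // markup characters: rejected, not echoed
    ['asp_sid' => ['3']],          // array parameter (asp_sid[]=3): rejected
    [],                            // parameter missing
];
foreach ($samples as $query) {
    echo render_panel($query, [1, 2, 3]), PHP_EOL;
}
```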


    #14641
    Skillsrenew
    Participant

    Pleased to be helpful.

    Thanks.

    #14643
    Ernest Marcinko
    Keymaster
    You cannot access this content.

    Best,
    Ernest Marcinko




The topic ‘Plugin Security Vulnerability’ is closed to new replies.