
Plugin Security Vulnerability


Viewing 4 posts - 1 through 4 (of 4 total)
  • #14639
    Skillsrenew
    Participant

    Hi Ernest,

    We ran Code Scanner through a WordPress Security Plugin and received the following, specific to your Plugin:

    Vulnerability found
    Code Scanner found Cross Site Scripting (XSS) vulnerability. An attacker can exploit this!: 29
    <div class="errorMsg">This search instance (id=<?php echo $_GET['asp_sid'] ; ?>) does not exists.</div>
    Vulnerability found
    Code Scanner found Cross Site Scripting (XSS) vulnerability. An attacker can exploit this!: 106
    <div id="wpdreams" class='wpdreams wrap' style="min-width: 1280px;" data-searchid="<?php echo $_GET['asp_sid']; ?>">

    The Plugin author suggests that this vulnerability be removed ASAP.

    Thanks.
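
Added example, not part of the original post and not the plugin's own code: one way to harden the two flagged lines, assuming the search instance id is always a positive integer (an assumption; the thread does not say). It validates the parameter before use and escapes it on output. All function names are hypothetical, and inside WordPress `absint()`, `esc_html()` and `esc_attr()` would fill the same roles.

```php
<?php
// Added example: hypothetical helpers, not the plugin's code.
// Assumption: a search instance id is a positive integer.

/** Return the id as a positive int, or null if missing or not a plain integer. */
function example_parse_search_id(array $query): ?int
{
    if (!isset($query['asp_sid']) || !is_string($query['asp_sid'])) {
        return null; // absent, or an array such as ?asp_sid[]=1
    }
    $id = filter_var($query['asp_sid'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Escape a value for HTML text and for quoted attribute values. */
function example_esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened form of the first flagged line: the raw input is never echoed. */
function example_render_error(array $query): string
{
    $id = example_parse_search_id($query);
    $shown = $id === null ? 'invalid' : (string) $id;
    return '<div class="errorMsg">This search instance (id='
         . example_esc($shown) . ') does not exist.</div>';
}

/** Hardened form of the second flagged line; falls back to the error on bad input. */
function example_render_wrapper(array $query): string
{
    $id = example_parse_search_id($query);
    if ($id === null) {
        return example_render_error($query);
    }
    return '<div id="wpdreams" class="wpdreams wrap" style="min-width: 1280px;"'
         . ' data-searchid="' . example_esc((string) $id) . '">';
}

// Constructed sample inputs: a valid id, markup in the value, an array, nothing.
$samples = [['asp_sid' => '3'], ['asp_sid' => '"><b>markup</b>'],
            ['asp_sid' => ['1']], []];
foreach ($samples as $query) {
    echo example_render_wrapper($query), PHP_EOL;
}
```

Only the first sample produces the wrapper element; the other three render the error message with the literal text `invalid` instead of the submitted value.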

    #14640
    Ernest Marcinko
    Keymaster

    Hi!

    Thank you very much for reporting this back to me!

    I will look into this in more detail, but fortunately this is only a back-end accessible file inclusion. Basically, only the logged-in administrator could maybe do something with it; it is not accessible to anyone else. Nevertheless, I will definitely change it, just in case.

    #14641
    Skillsrenew
    Participant

    Pleased to be helpful.

    Thanks.

    #14643
    Ernest Marcinko
    Keymaster

    You cannot access this content.

  • The topic ‘Plugin Security Vulnerability’ is closed to new replies.