This plugin has a reflected XSS at this URL:
/wp-admin/options-general.php?page=pbpNewsticker&action=edit&ticker_id=999%27%22%3Cscript%3Ealert%281%29%3C%2Fscript%3E
There is also a stored XSS in the saved newstickers.
Please modify the plugin to escape JS/HTML.
Regards.

Hello,
I am using the “recent post” list in my ticker application.
But the script misses the first item (= the latest post).
It always starts with the second item – showing nothing in the first period of time (4 sec.).
Has anyone else experienced something similar?
My feeling is that the loading of the complete page is too slow for the ticker and so the plugin is already preparing the second item.
Is there a way to delay the “grabbing” of the posts (or alternatively delay the output)?
Btw: I receive a few error messages when saving the parameters although all of the settings are changed correctly. And disregarding my little problem it works fine!
Regards, Mr. Proxy (WP 4.4.2, PBP 1.3.2)
https://tennispark-gernlinden.de/

Hi, I like your plugin, but I noticed that when I activated it, it inserts a hidden link with "<a style="display:none;" href="https://searchsongs.net/4shared_songs_download.mp3.html">4shared</a>"
How do I remove that? From what I understand, this isn’t good WordPress practice for plugins. Thanks.