Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Sabuj Kundu

    (@manchumahara)

    Hi,

    We are checking the issue with the highest priority. Please note that a contributor cannot publish a post, so it's not a high-level security issue right now, but it should be fixed, which we agree with and are eager to do. We will release a new version with better sanitization and escaping.

    Thread Starter Richzendy

    (@richzendy)

    Thanks for your quick response, but I think it is not only contributor access: an attacker took advantage of this vulnerability and contaminated all the PHP sites on my VPS with cryptocurrency mining malware and redirected my sites to advertising pages.

    After removing the plugin and cleaning my VPS, everything came back to normal.

    Plugin Author Sabuj Kundu

    (@manchumahara)

    It seems to me there is certainly another backdoor; our plugin was 2nd. You must check overall again.

    We will update within next Sunday/Monday.

    Plugin Author Sabuj Kundu

    (@manchumahara)

    New version released

  • The topic ‘Authenticated (Contributor+) Stored Cross-Site Scripting’ is closed to new replies.