• In my localhost with the plugin Vulnerable Plugin Checker I found a serious warning with this plugin:

    Comment Attachment has a known vulnerability that may be affecting this version. Please update this plugin.

    Comment Attachment 1.0 – XSS

    Screenshot: https://prntscr.com/h317mw

    I tried their email notification (on one of my test sites), but there's no more information to share with you to debug things. But what I can guess as a developer, I repeat guess, it could be any PHP file-specific code that might not be suggested by WordPress, and is not properly escaped.

    FYI, the WPScan code on GitHub:
    https://github.com/wpscanteam/wpscan

    Thank you
    nanodesigns


  • The topic ‘Comment Attachment 1.0 – XSS – Is it?’ is closed to new replies.