• Resolved Steve West

    (@espedub)


    The WPScan WordPress Vulnerability Database notes, “The settings page of the plugin did not properly sanitize the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue”.

    https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf

    It also notes that the vulnerability is fixed in v1.3.2. When will v1.3.2 be released? I downloaded the plugin from the WordPress plugin repository (which shows it as version 1.3.1) and even though the Zip file is titled “select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.2” when the plugin is loaded into WordPress it shows up as 1.3.1.

Viewing 2 replies - 1 through 2 (of 2 total)
  • @espedub I just heard back from them.

    Hi Kristof

    Thanks for your email.

    We don’t actively check that plugin forum but we will have a look this week and release an update if needed.

    Hope this helps.

    Plugin Author Moove Agency

    (@mooveagency)

    Hi @puregraphx @espedub

    Thanks for checking in.

    The security update was actually included in the previous version, but we didn’t increase the plugin version by mistake, so you didn’t get the notification about the available update.

    This is now fixed, new version released.

    Hope this helps.

  • The topic ‘Cross-site scripting vulnerability’ is closed to new replies.