• Hello creators,

    In the embed.php file we have a security hole where applications are vulnerable to XSS attacks.
    To solve this we only need to change

    from:

    echo $_GET['callback'] . '(' . json_encode($output) . ')';

    to:

    echo esc_html($_GET['callback']) . '(' . json_encode($output) . ')';

    We will be protected against such attacks.

    Can we insert this in the next update?

    Thank you very much

  • The topic ‘Cross-site Scripting (XSS)’ is closed to new replies.
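
A stricter variant of the fix proposed in the post above, as an added example that is not part of the original post or the plugin's code: rather than escaping the callback, it accepts only identifier-like callback names and returns a matching content type. The function names, the 64-character limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; safe_jsonp_callback() and jsonp_response() are hypothetical helpers.

/** Return the callback if it is a dotted JavaScript identifier path, else null. */
function safe_jsonp_callback($raw): ?string
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 64) {
        return null; // arrays (?callback[]=x), empty or oversized values are rejected
    }
    // Letters, digits, "_" and "$", with "." between segments; \A and \z anchor the whole input.
    $segment = '[A-Za-z_$][A-Za-z0-9_$]*';
    $pattern = '/\A' . $segment . '(?:\.' . $segment . ')*\z/';
    return preg_match($pattern, $raw) === 1 ? $raw : null;
}

/** Build [content type, body] for the response without echoing untrusted text. */
function jsonp_response($raw_callback, $output): array
{
    // JSON_HEX_* keeps <, >, &, ' and " out of the payload even if it is sniffed as HTML.
    $json = json_encode($output, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($json === false) {
        $json = 'null';
    }
    $callback = safe_jsonp_callback($raw_callback);
    if ($callback === null) {
        // No valid callback: answer with plain JSON instead of reflecting the parameter.
        return ['application/json; charset=utf-8', $json];
    }
    return ['application/javascript; charset=utf-8', $callback . '(' . $json . ');'];
}

// Constructed inputs: one well-formed callback name, one carrying markup.
$output = ['html' => '<b>demo</b>'];
foreach (['myCallback', '<script>x</script>'] as $cb) {
    [$type, $body] = jsonp_response($cb, $output);
    echo $type, "\n", $body, "\n\n";
}

// In the endpoint itself the pair would be sent as:
//   header('Content-Type: ' . $type);
//   header('X-Content-Type-Options: nosniff');
//   echo $body;
```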