• Hi,

    Thank you for the great work on this plugin!

    The latest version’s update reads: “Potential security issue outputting snippets-safe-mode query variable value as-is”

    What is a query variable value and how could this be outputted?

    I have updated to the latest version but I’m unsure what the security issue was and how to check whether my site is affected.

    Again, thank you for your time!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter fotinos

    (@fotinos)

    From what I see @ https://wpscan.com/vulnerability/cb232354-f74d-48bb-b437-7bdddd1df42a

    Is it correct to assume that an admin needs to be logged in to the WP site for the “Reflected Cross-Site Scripting” to occur?

    Thank you for your time and again, thank you for the great plugin!

    Plugin Author Shea Bunge

    (@bungeshea)

    Hello,

    Yes, an admin would need to be logged in for this to occur.

    Even still, it’s something to be wary about, as an administrator could be tricked into clicking on a malicious link posted in the comments section or similar.

    Please let us know if you have any further questions.

  • The topic ‘latest version – query variable value ?’ is closed to new replies.
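
An added example, not part of the thread and not the plugin's code: one way to review web-server access logs for requests whose `snippets-safe-mode` query variable carried HTML markup, which is what a reflected cross-site scripting link of the kind discussed above would contain. It assumes combined-format access logs; the log lines, the value `true`, and the function and constant names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "snippets-safe-mode"  # query variable named in the changelog entry
# Client, timestamp and request target of a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Characters that let a reflected value break out of an HTML attribute or text node.
MARKUP_RE = re.compile(r"[<>\"'`]")

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/?snippets-safe-mode=true HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-admin/?snippets-safe-mode=%22%3E%3Cb%3Ex HTTP/1.1" 200 512 "https://example.org/post#comments" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /?s=%3Cb%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2024:10:07:00 +0000] "GET /wp-admin/?snippets-safe-mode=%253Cb%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def suspicious_requests(lines):
    """Return (client, timestamp, decoded value) for each request whose
    PARAM value contains HTML metacharacters after URL decoding."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, when, target = m.groups()
        # parse_qsl percent-decodes names and values once.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name != PARAM:
                continue
            decoded = unquote(value)  # second pass catches double-encoded values
            if MARKUP_RE.search(decoded):
                hits.append((client, when, decoded))
    return hits

if __name__ == "__main__":
    for client, when, value in suspicious_requests(SAMPLE_LOG):
        print(f"{when}  {client}  {PARAM}={value!r}")
```

A hit shows only that such a link was requested. Whether the value was echoed unescaped depends on the plugin version that was installed at the time of the request.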