[Plugin: Tabify edit screen] Security issue
Hello
A nonce token is missing in the settings; check “wp_nonce_field()” and “check_admin_referer()” in the WP Codex. This leads to a CSRF attack.
Also, an XSS attack is possible because the title is not sanitized with “esc_attr()” and “esc_html()”. BUT, if I close my eyes to this, this is a great idea! Nice work.
Waiting for the next patch to use it. See you!
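
The two fixes named in the post above, shown together on a minimal settings screen. This is an added example, not the plugin's own code and not part of the original post; the option key, nonce action, field names and menu slug are hypothetical, and it assumes it is loaded as a plugin file inside the WordPress admin.

```php
<?php
// Added example: all demo_* names below are hypothetical placeholders.
const DEMO_OPTION = 'demo_tab_titles';       // hypothetical option key
const DEMO_ACTION = 'demo_save_tab_titles';  // hypothetical nonce action

add_action( 'admin_menu', function () {
    add_options_page( 'Demo tabs', 'Demo tabs', 'manage_options', 'demo-tabs', 'demo_render_settings' );
} );

function demo_handle_save() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['demo_titles'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.' );
    }
    // CSRF check: stops the request unless it carries a valid nonce for this action.
    check_admin_referer( DEMO_ACTION, 'demo_nonce' );

    // Store plain text only: strips tags and control characters from each title.
    $titles = array_map( 'sanitize_text_field', wp_unslash( (array) $_POST['demo_titles'] ) );
    update_option( DEMO_OPTION, $titles );
}

function demo_render_settings() {
    demo_handle_save();
    $titles = (array) get_option( DEMO_OPTION, array( '' ) );
    ?>
    <div class="wrap">
      <h1>Demo tabs</h1>
      <form method="post">
        <?php wp_nonce_field( DEMO_ACTION, 'demo_nonce' ); // hidden nonce + referer fields ?>
        <?php foreach ( $titles as $i => $title ) : ?>
          <p>
            <?php // esc_html() for element content, esc_attr() for attribute values. ?>
            <label><?php echo esc_html( $title ); ?></label>
            <input type="text" name="demo_titles[<?php echo esc_attr( $i ); ?>]"
                   value="<?php echo esc_attr( $title ); ?>">
          </p>
        <?php endforeach; ?>
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```

Escaping is applied at output even though the stored value was sanitized on save, so a title that reached the database by another path still cannot break out of the attribute or element.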
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘[Plugin: Tabify edit screen] Security issue’ is closed to new replies.