Recent XSS Vulnerability
-
I noticed what to me seemed like some examples of this issue in your excellent plugin Admin Menu Editor, at least if I fully understand the documentation omission that led to it. For instance:
$hide_url = add_query_arg($hide_param_name, 1);
Since no URL is provided in the third parameter of add_query_arg, does this mean that the vulnerability exists in your code? There were other examples but I’m sure you are more familiar with it than I. Please let me know if I am mistaken, and/or if there will be an update soon to handle it. I’m trying to complete a security audit for clients.
Thanks again for your work.
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Recent XSS Vulnerability’ is closed to new replies.
