Sanitize user input
-
Please sanitize user input in onwp-options to onwp_settings[client_id] and onwp_settings[client_secret]. There is a risk of cross-site scripting security vulnerability. I was not able to bypass anti-CSRF protection and lower level users did not have permission to change these settings so at the moment there is no security issue, but this could change in future versions of this plugin.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Sanitize user input’ is closed to new replies.
