• Wordfence just gave me the following error message for this plugin:

    Plugin Name: WP DoNotTrack
    Current Plugin Version: 0.8.8
    Details: It has unpatched security issues and may have compatibility problems with the current version of WordPress.

Viewing 1 replies (of 1 total)
  • I can confirm there’s an authenticated stored XSS vulnerability (in layman-speak: if you are an administrator you can use some of the option-fields to add malicious JavaScript to the settings-page) and the plugin has for now been closed. I hope to have time for a rewrite of the plugin to fix the issue as part of a rewrite which will likely switch to allowlist-only and use CSP (content security policy).

    frank
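
An added illustration of the allowlist-only and CSP approach mentioned in the reply above; it is not code from WP DoNotTrack or its author. The function names and the sample input are hypothetical, and plain PHP stands in for the WordPress settings API.

```php
<?php
// Added illustration, not plugin code. All names and sample values are hypothetical.

/** Keep only entries that are plain hostnames; anything carrying markup is dropped. */
function sanitize_host_allowlist(string $raw): array
{
    $hosts = [];
    foreach (preg_split('/[\s,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY) as $entry) {
        $entry = strtolower($entry);
        // Dot-separated labels of letters, digits and hyphens, ending in an alphabetic TLD.
        $pattern = '/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/';
        if (strlen($entry) <= 253 && preg_match($pattern, $entry) === 1) {
            $hosts[$entry] = true; // array key de-duplicates
        }
    }
    return array_keys($hosts);
}

/** Escape a stored value before echoing it into the settings page HTML. */
function escape_for_settings_page(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a script-src policy from the already validated allowlist. */
function build_csp_header(array $hosts): string
{
    $sources = array_map(fn(string $h): string => "https://$h", $hosts);
    return 'Content-Security-Policy: script-src '
        . implode(' ', array_merge(["'self'"], $sources));
}

// Constructed sample: an option-field submission mixing hostnames and markup.
$submitted = "cdn.example.com, \"><script>alert(1)</script>\nstatic.example.net";
$allowlist = sanitize_host_allowlist($submitted);

// Only the two hostnames survive validation and reach the policy.
echo build_csp_header($allowlist), PHP_EOL;

// A legacy value stored before validation existed is rendered inert on output.
$legacy = '"><script>alert(1)</script>';
echo '<input name="legacy" value="', escape_for_settings_page($legacy), '">', PHP_EOL;
```

Validation on save and escaping on output are independent layers: the first keeps markup out of the stored option, the second covers values already stored before the check existed.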

  • The topic ‘Security Warning: needs update’ is closed to new replies.