• [Resolved] cameliafilip (@cameliafilip)


    We’ve been notified about this vulnerability by WPScan:

    The plugin does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
    https://www.awesomescreenshot.com/image/10119677?key=67997949ac1cbf84d4b0c19b054ec037

    Could you please confirm if this indeed is a problem and when it will be fixed?

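As an added, hypothetical illustration of the class of bug WPScan describes (not the plugin's own code): a plugin that stores its own term-description field has to apply the same rule core applies to the built-in description, i.e. only users with `unfiltered_html` may save raw HTML, everyone else gets `wp_kses_post`. The field name, meta key and taxonomy are assumptions.

```php
<?php
/**
 * Added example, not the plugin's code. The field name
 * 'example_extended_description', the meta key and the 'category'
 * taxonomy are assumptions chosen for illustration.
 */

// Pattern the report describes: the raw POST value is stored untouched,
// so a user without unfiltered_html can persist a <script> tag that runs
// for every admin who later views the term.
function example_save_extended_description_unsafe( $term_id ) {
    if ( isset( $_POST['example_extended_description'] ) ) {
        update_term_meta( $term_id, 'example_extended_description',
            wp_unslash( $_POST['example_extended_description'] ) );
    }
}

// Hardened save path: mirror core's capability check before storing HTML.
function example_sanitize_term_html( $html ) {
    // unfiltered_html is the capability core consults before accepting raw
    // HTML; on multisite only super admins hold it by default.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $html;
    }
    // wp_kses_post removes <script>, on* event handlers and javascript: URLs
    // while keeping the tags normally allowed in post content.
    return wp_kses_post( $html );
}

function example_save_extended_description( $term_id ) {
    if ( ! isset( $_POST['example_extended_description'] ) ) {
        return;
    }
    // edit_term is the per-term meta capability (WordPress 4.7+).
    if ( ! current_user_can( 'edit_term', $term_id ) ) {
        return;
    }
    $raw = wp_unslash( $_POST['example_extended_description'] );
    update_term_meta( $term_id, 'example_extended_description',
        example_sanitize_term_html( $raw ) );
}
// Core verifies the edit-tag nonce before these actions fire.
add_action( 'created_category', 'example_save_extended_description' );
add_action( 'edited_category', 'example_save_extended_description' );

// Output side: stored data is filtered again on render, so a value that
// slipped into the database before the fix cannot execute on display.
function example_render_extended_description( $term_id ) {
    $html = get_term_meta( $term_id, 'example_extended_description', true );
    echo wp_kses_post( $html );
}
```

A quick way to confirm a fix of this kind is to log in as an Editor on a site with `DISALLOW_UNFILTERED_HTML` set, save a description containing `<script>` and check that the stored value comes back stripped.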
  • Moderator Yui (@fierevere)

    永子

    If you have the LATEST version, 3.0.7.2,
    this issue is fixed.

  • Plugin Author Steve Burge (@stevejburge)

    @fierevere @cameliafilip Yes, that’s correct.

    WPScan reported this issue last week and it was fixed in version 3.7.0.2.

    The issue was only for high-level users who have access to key parts of your site’s admin area.
