Vulnerability (Reflected Cross-Site Scripting) and closed in WP store

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Joel James

    (@joelcj91)

    Hey @andrewlmacaulay

    Thank you for the heads up. Yes I am aware and pushed the suggested fixes. Waiting for plugin’s team response now.

    Thread Starter Andrew M

    (@andrewlmacaulay)

    Thank you.

    Hopefully the plugin team will turn it around quickly ??

    First of all, thanks for the plugin, it’s great ??

    Any update about this? In the report, it is said: “This is only exploitable when the leave a review notice is present.” What does that mean? I don’t see any option about leaving a review in the settings, so in which situation is the vulnerability exploitable, and is there a way to make sure it doesn’t happen before the updated version is released?

    Thanks!

    Plugin Author Joel James

    (@joelcj91)

    @manni02 I have pushed the fixes and still waiting for wp.org plugins team’s response.

    To my understanding, this is not a very critical vulnerability, so you don’t have to worry ??

    Thanks for the update Joel. Yes, it doesn’t sound critical, so I’m not worrying ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.