Vulnerabilty
-
The strings listed on the Strings Translation page aren’t escaped before outputting. Try this:
pll_register_string( ”, “<script>alert(‘hello’)</script>”, ‘WordPress’ );
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Vulnerabilty’ is closed to new replies.
