XSS security vulnerability

Viewing 13 replies - 1 through 13 (of 13 total)

  • seems to be fixed:

    2.3.3
    Security Fix : protection against cross site scripting

    although the author never replied to this thread?

    Is the plugin still safe?

    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4117

    Has not been updated for almost a year and the link to the author’s website, demo and suggestions/feedback just goes to a blank screen.

    Thread Starter henrisalo

    (@henrisalo)

    No. Plugin category-grid-view-gallery is still affected by CVE-2013-4117 and maintainer of the plugin has not responded anything. Not a critical vulnerability, but it should be fixed.

    That’s really bad news. I finally found a plugin for what I wanted but its not worth the security threat. Hopefully everyone who uses it is made aware of this.

    Does anyone know any other plugin that displays grid thumbnails of posts pulled from categories?

    Thread Starter henrisalo

    (@henrisalo)

    I can try to fix that vulnerability for you. I have no way of contacting original author of this plugin to get it officially fixed. I can also contact WordPress plugins team if they can do some coordination work. This plugin should be audited completely if users still rely on this.

    Thread Starter henrisalo

    (@henrisalo)

    Reproduced issue in 2.3.3 version of this plugin. Emailed to [email protected] as I do not have author’s contact details.

    I agree, if there’s still a vulnerability, it should either be removed or fixed. I was a little leery about still using it mainly because the author just up and dissapeared. Having a security issue and then not having an accessible site paired together seems a little shady to me.

    Does anyone have a suggestion for a similar plugin, since the author of it is MIA? I’m leary of using it but it does exactly what I’m looking for.

    I’m wondering this too. Took me a week over to find this plugin. If you find something similar drop a note here!

    Cooking Jar you asked about other plugins?

    I found

    Featured Image Thumbnail Grid

    Very simple. Needs some css work, but it does what I need. And all the variables are available in the shortcode.

    Hey, thanks for the suggestion. I remember trying that before but it didn’t work out, I can’t remember why. I tried so many plugins my memory is sorta smushed together on what they all are.

    I did find one by luck and I’m using that now: Category Thumbnail List

    Author updated it only a few months ago. It just needs some pagination built into it but it’s super easy!

    Here’s an example:
    https://www.thecookingjar.com/categories-dinner/

    Hi,
    I took the Category Grid View code and have modified it so it is much simpler to use (I also removed some of the functionality in my quest to simplify it). I have created a new plugin called Visual Recipe Index that may help others.

    One of the things that I removed was the file that contained the XSS security issue, so that is fixed in my plugin.

    Since I am now quite familiar with the codebase it would be pretty easy for me to take over the plugin if I can get a response from the author. Otherwise I could just rename it and continue it under a different name (I have also made some improvements, like not having to know your slug or category id).

    Is there interest in that?

    This topic is 10 months old. Please post your own topics.

    Closing…

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘XSS security vulnerability’ is closed to new replies.

Tags