Cross Site Scripting (XSS) Vulnerability | ww.wp.xz.cn

ChrisL
(@chrslcy)

2 months ago

Patchstack reports that the latest version (0.9.1) is still vulnerable: https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-9-0-reflected-cross-site-scripting-xss-vulnerability

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Matt_Bissett
(@mattbissett)

1 month, 4 weeks ago

Hey Chris,

Thanks for pointing that out and for sharing the Patchstack link.

I’ve released a fix for the vulnerability in the 0.9.2 update of Link Whisper Free. If you update to that version, the issue should be resolved.

It may take a day or two for Patchstack to review and verify the fix on their end, so their database may still show the previous status for a short time. But the patch is already included in the latest update.

Appreciate you bringing it up.

Warm regards,
Matt

Thread Starter ChrisL
(@chrslcy)

1 month, 4 weeks ago

Thanks for the update!

Chris

Thread Starter ChrisL
(@chrslcy)

1 month, 1 week ago

Hi Matt,

Are you aware that Patchstack is still listing the plugin as vulnerable, up to and including the latest version?

WordPress Link Whisper Free Plugin <= 0.9.2 is vulnerable to a medium priority Cross Site Scripting (XSS)
https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-9-0-reflected-cross-site-scripting-xss-vulnerability

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Tags

5 replies
2 participants
Last reply from: ChrisL
Last activity: 1 month, 1 week ago
Status: not resolved