• Resolved fimo66

    (@fimo66)


    Hi,

    I got this info today on my board, but is this something I should “worry” about or is this just “info”?

    Description

    The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author AntoineH

    (@antoineh)

    The vulnerability has been resolved in the newest version of the plugin. And in most cases this was not something to worry too much about. Admin users could use the plugin to inject JavaScript code in a page. This means that you have to have other admins, and those would want to do you harm. In most cases admins already have more than enough options to do harm (e.g., by installing a new rogue plugin). Nevertheless, always good to update to close security issues.

    Thread Starter fimo66

    (@fimo66)

    Thank you very much for the quick response and the clear, easy-to-understand explanation of the issue and its resolution. It looks like the fix has already been implemented successfully. I really appreciate you taking the time to make this “the best app in the world” 🙂 and for always being so helpful. Thanks again!

    Plugin Author AntoineH

    (@antoineh)

    Please note that you will have to update your version to v2.12.6 (or above) to resolve this vulnerability.

    Thread Starter fimo66

    (@fimo66)

    Thank you!

    ……..“Please note that you will have to update your version to v2.12.6 (or above) to resolve this vulnerability.”

The topic ‘Football Pool plugin for WordPress ?’ is closed to new replies.