Not currently using this plugin, but interested… | ww.wp.xz.cn

Resolved blondebuttercup
(@blondebuttercup)

11 years, 1 month ago

Hello.

I read just recently about an XSS issue with multiple WP plugins being vulnerable, sucuri blog post on April 20, 2015.

Did/would your plugin have caught the attempts to misuse the add_query_arg() and remove_query_arg() functions?

I am just beginning the development of my first WP site and have a localhost version nearly ready for prime-time. I have just started plugin research and security is my first task. This plugin seems to me the way to go, but I was curious about how you all fared with this recent issue?

Thanks for any and all responses,
D.

https://ww.wp.xz.cn/plugins/wp-simple-firewall/

Viewing 1 replies (of 1 total)

Plugin Author Paul
(@paultgoodchild)

11 years, 1 month ago

Hi,

The question is… would our plugin have “caught” this problem? No, there’s very little way to “automatically catch” an issue like this.

That said though, with the way our plugins use add_query_arg(), luckily none of our plugins are susceptible to the XSS issue that has been reported.

This is an unfortunate security vulnerability which to be fair on developers is very easily done in the circumstances.

Hope this helps.

Viewing 1 replies (of 1 total)

The topic ‘Not currently using this plugin, but interested…’ is closed to new replies.

Tags

XSS Vulnerability

1 reply
2 participants
Last reply from: Paul
Last activity: 11 years, 1 month ago
Status: resolved