Patchstack: <=17.7 Cross Site Scripting vulnerability | ww.wp.xz.cn

Resolved megamurmulis
(@megamurmulis)

1 week, 3 days ago

WordPress WP Google Review Slider plugin <= 17.7 – Cross Site Scripting (XSS) vulnerability
https://patchstack.com/database/wordpress/plugin/wp-google-places-review-slider/vulnerability/wordpress-wp-google-review-slider-plugin-17-7-cross-site-scripting-xss-vulnerability
Required privilege: Unauthenticated

Given that it was not disclosed until recently – v17.8 is likely vulnerable as well – since generic update:
17.8 Updated styling for WPv7.

Viewing 1 replies (of 1 total)

Plugin Author jgwhite33
(@jgwhite33)

1 week, 3 days ago

This would only have been an issue if an original review on Google had script tags and somehow made it past all of Google’s security and was downloaded to the plugin. So not really possible. I just pushed out V17.9 with extra output sanitation for downloaded reviews just in case.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

1 reply
2 participants
Last reply from: jgwhite33
Last activity: 1 week, 3 days ago
Status: resolved