Title: Plugin allows script tags to be inserted
Last modified: February 11, 2021

---

# Plugin allows script tags to be inserted

 *  Resolved [nkalistair](https://wordpress.org/support/users/nkalistair/)
 * (@nkalistair)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-allows-script-tags-to-be-inserted/)
 * Hi, I’m looking at using this plugin; however, I have noticed that because it
   removes the wp_kses filters there is no sanitization on the input, which is a
   potential security risk as it will allow anyone with enough permissions (whether
   genuine or not) to insert malicious code into a page.
 * Can I suggest therefore that after you remove the filters on lines 105 & 106 
   you then add appropriate filters to sanitize the HTML input for a ‘post’ entry?
 * I’ve tested it by adding the wp_kses_post filter and this successfully strips
   script & style tags.
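
The change suggested in the post above, sketched as an added example (it is not the plugin's code and not part of the thread). It assumes the two filters the plugin removes are WordPress core's defaults for term descriptions, `wp_filter_kses` on `pre_term_description` and `wp_kses_data` on `term_description`; the function name `example_relax_term_description_kses` is hypothetical.

```php
<?php
/**
 * Added example: swap the strict term-description filters for the
 * post-content allowlist instead of removing sanitization altogether.
 */

// Run on init so core's default filters are already registered.
add_action( 'init', 'example_relax_term_description_kses' ); // hypothetical name

function example_relax_term_description_kses() {
	// Assumption: these are the filters the plugin removes. Core attaches
	// them to term descriptions on save and on display respectively.
	remove_filter( 'pre_term_description', 'wp_filter_kses' );
	remove_filter( 'term_description', 'wp_kses_data' );

	// On save: apply the same allowlist WordPress uses for post content.
	// wp_filter_post_kses() is the variant that expects slashed input,
	// which is what the pre_* save hooks receive.
	add_filter( 'pre_term_description', 'wp_filter_post_kses' );

	// On display: re-apply the allowlist so descriptions stored while no
	// filter was active are also cleaned when rendered. Tags and attributes
	// that are not on the post allowlist, <script> included, are removed.
	add_filter( 'term_description', 'wp_kses_post' );
}
```

With both filters in place the description field accepts the formatting markup allowed in post content, while script tags are stripped on save and again on output.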

Viewing 1 replies (of 1 total)

 *  Plugin Author [kevin heath](https://wordpress.org/support/users/ypraise/)
 * (@ypraise)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-allows-script-tags-to-be-inserted/#post-14067940)
 * Thanks for the input.
 * I removed the filters for my needs which is what the plugin is based on. I needed
   to open up the description areas to allow me to run scripts etc which is the 
   point of the plugin.
 * The only people who can change the description area are people who have admin
   permissions. As long as your website is properly secured to prevent hackers from
   registering as admin then you will have no problems using this plugin.
 * The plugin has been around for nearly 10 years and no reports of people hacking
   into a website through this plugin have been reported.
 * As long as your website has normal security in place then this plugin has no
   more risk than any other plugin that can be hacked once a hacker has already 
   gained access to your site.
 * Thanks
    Kevin

The topic ‘Plugin allows script tags to be inserted’ is closed to new replies.

 * [Category Editor](https://wordpress.org/plugins/categorytinymce/)

 * 1 reply
 * 2 participants
 * Last reply from: [kevin heath](https://wordpress.org/support/users/ypraise/)
 * Last activity: [5 years, 3 months ago](https://wordpress.org/support/topic/plugin-allows-script-tags-to-be-inserted/#post-14067940)
 * Status: resolved