Plugin Stored XSS Vulnerability | ww.wp.xz.cn

Resolved junkyboy
(@junkyboy)

10 years, 9 months ago

A Stored XSS Vulnerability In wp-responsive-images-thumbnail-slider.php file in line [816] Allow Attacket Execute Js Codes :

<td data-title=”Title” ><?php echo stripslashes($row[‘title’]) ?></td>

Please Fix This Vulnerability And Release New Update .
Discovered By Arash Khazaei .

https://ww.wp.xz.cn/plugins/wp-responsive-thumbnail-slider/

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author Nks
(@nik00726)

10 years, 9 months ago

The code you is executed only in admin login.SO how you found any issue ? and why should admin stored data like that ?

this plugin input is in hand of admin.

Thread Starter junkyboy
(@junkyboy)

10 years, 9 months ago

🙂 As You Know Site Have Authors And Editors 🙂

Check This Out :

http://cxsecurity.com/issue/WLB-2015080170
http://cxsecurity.com/issue/WLB-2015080167

Just Fix It . 😐 It’s So Easy .

Just use htmlspecialchars function 😐

Plugin Author Nks
(@nik00726)

10 years, 9 months ago

Its ok

But My plugin admin can only access for wordpress responsive thumbnail slider.

So, No need to fix.

Plugin Author Nks
(@nik00726)

10 years, 8 months ago

It has been fixed now.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Plugin Stored XSS Vulnerability’ is closed to new replies.

4 replies
2 participants
Last reply from: Nks
Last activity: 10 years, 8 months ago
Status: resolved