Security issue

  • netface

    (@netface)


    1 year, 4 months ago

    The News Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    I sent a notification to the support link on the develoepr website but never got a reply.

Viewing 1 replies (of 1 total)
  • Plugin Author blazethemes

    (@blazethemes)

    1 year, 4 months ago

    Hello @netface,
    We have not received any kind of email with this subject. Can you please drop your email address here so we can search it on our server?
    You can send these issues on our email [email protected].

    Regards,
    BlazeThemes

Viewing 1 replies (of 1 total)

The topic ‘Security issue’ is closed to new replies.