Taxonomy description field | ww.wp.xz.cn

Resolved cameliafilip
(@cameliafilip)

4 years, 11 months ago
We’ve been notified about this vulnerability by wp scan:

The plugin does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
https://www.awesomescreenshot.com/image/10119677?key=67997949ac1cbf84d4b0c19b054ec037

Could you please confirm if this indeed is a problem and when it will be fixed?
- This topic was modified 4 years, 11 months ago by Yui.
- This topic was modified 4 years, 11 months ago by Yui. Reason: unfurl shortlink

Viewing 2 replies - 1 through 2 (of 2 total)

Moderator Yui
(@fierevere)

永子

4 years, 11 months ago

If you have LATEST version 3.0.7.2
this issue is fixed.

Plugin Author Steve Burge
(@stevejburge)

4 years, 11 months ago

@fierevere @cameliafilip Yes, that’s correct.

WPScan reported this issue last week and it was fixed in version 3.7.0.2.

The issue was only for high-level users who have access to key parts of your site’s admin area.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Taxonomy description field’ is closed to new replies.

2 replies
3 participants
Last reply from: Steve Burge
Last activity: 4 years, 11 months ago
Status: resolved