• Resolved Gastonq_1

    (@gastonq_1)


    User input is not sanitized. Poll results are shown without escaping HTML characters, and by modifying the value of a question before voting, a user is able to insert HTML, JavaScript or any code. Also, when you click “see results”, a POST request is made to the server sending unsanitized data such as the poll ID, e.g. CP_Polls_loadresults=1&CP_Polls_id=3, leading to SQL injection. Hope you fix that!

    https://ww.wp.xz.cn/plugins/cp-polls/

Viewing 1 replies (of 1 total)

The topic ‘vulnerabilities found’ is closed to new replies.
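
The two fixes the report above points to, as an added PHP example that is not part of the post or the plugin's code: the poll id from the CP_Polls_id POST field is validated as an integer and bound as a query parameter, and stored values are HTML-escaped when results are rendered. The votes table, its columns and the function names are assumptions, and plain PDO with in-memory SQLite stands in for the WordPress database layer.

```php
<?php
// Added illustration. The table and column names (votes, poll_id, answer) are
// hypothetical; they are not taken from the CP Polls plugin.

// Accept CP_Polls_id only when it is a positive integer; anything else is rejected.
function parse_poll_id(array $post): ?int {
    $id = filter_var($post['CP_Polls_id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The id travels as a bound parameter and never becomes part of the SQL text.
function load_results(PDO $db, int $pollId): array {
    $stmt = $db->prepare('SELECT answer, COUNT(*) AS n FROM votes
                          WHERE poll_id = ? GROUP BY answer ORDER BY answer');
    $stmt->execute([$pollId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stored answers are untrusted input: escape them at output time.
function render_results(array $rows): string {
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= '<li>' . htmlspecialchars($row['answer'], ENT_QUOTES, 'UTF-8')
               . ': ' . (int) $row['n'] . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (poll_id INTEGER, answer TEXT)');
$ins = $db->prepare('INSERT INTO votes VALUES (?, ?)');
foreach ([[3, 'Yes'], [3, 'Yes'], [3, '<b>No</b>'], [4, 'Other poll']] as $v) {
    $ins->execute($v);
}

// Constructed request bodies: the one quoted in the post, then a non-numeric id.
foreach (['CP_Polls_loadresults=1&CP_Polls_id=3',
          'CP_Polls_loadresults=1&CP_Polls_id=3 OR 1=1'] as $body) {
    parse_str($body, $post);
    $id = parse_poll_id($post);
    echo $id === null ? "rejected: invalid poll id\n"
                      : render_results(load_results($db, $id));
}
```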