Title: Vulnerabilities in Permalink Manager Plugin
Last modified: February 14, 2023

---

# Vulnerabilities in Permalink Manager Plugin

 *  Resolved [bharathiviswa](https://wordpress.org/support/users/bharathiviswa/)
 * (@bharathiviswa)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/vulnerabilities-in-permalink-manager-plugin/)
 * Hi
 * I have using permalink manager plugin in my **wordpress site**, recently I had
   reported that disclosure vulnerabilities in t/index.php.
   **Issue Link:**Mydomain/
   t/index.php?action[]=aaa
 * **The issue**: “Warning: strpos() expects parameter 1 to be string, array given
   in /home/customer/Mydomain/public_html/wp-content/plugins/permalink-manager/permalink-
   manager.php on line 352”
 * **The reported PHP line 352 :** “if((!empty($_REQUEST[‘action’]) && strpos($_REQUEST[‘
   action’], ‘elementor’) !== false) || isset($_REQUEST[‘elementor-preview’])) {
   return; }”
   **Note: If we remove the permalink manager plugin, the issue is solved(
   but we need permalink plugin).** **The permalink plugin version is 2.2.8.4**.**
   The PHP line which shows issue is a default plugin code.**
 * Please solve the issue, I need permalink manager without this disclosure vulnerability
   for my site.
   Thanks!
    -  This topic was modified 3 years, 3 months ago by [bharathiviswa](https://wordpress.org/support/users/bharathiviswa/).
    -  This topic was modified 3 years, 3 months ago by [bharathiviswa](https://wordpress.org/support/users/bharathiviswa/).

Viewing 1 replies (of 1 total)

 *  Plugin Author [Maciej Bis](https://wordpress.org/support/users/mbis/)
 * (@mbis)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/vulnerabilities-in-permalink-manager-plugin/#post-16470930)
 * Hi [@bharathiviswa](https://wordpress.org/support/users/bharathiviswa/),
 * Thank you for reporting this problem. To prevent this warning from being displayed,
   there needs to be an additional condition (_is\_string()_) added to the “if” 
   clause:
   [https://plugins.trac.wordpress.org/changeset/2865284#file1](https://plugins.trac.wordpress.org/changeset/2865284#file1)
 * `if ( ( ! empty( $_REQUEST['action'] ) && **is_string( $_REQUEST['action'] )**&&
   strpos( $_REQUEST['action'], 'elementor' ) !== false ) || isset( $_REQUEST['elementor-
   preview'] ) ) {`
 * To resolve the problem, please either update the plugin to 2.3.1 version or apply
   the change manually.
 * Best regards,
   Maciej

Viewing 1 replies (of 1 total)

The topic ‘Vulnerabilities in Permalink Manager Plugin’ is closed to new replies.

 * ![](https://ps.w.org/permalink-manager/assets/icon.svg?rev=2625166)
 * [Permalink Manager Lite](https://wordpress.org/plugins/permalink-manager/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/permalink-manager/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/permalink-manager/)
 * [Active Topics](https://wordpress.org/support/plugin/permalink-manager/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/permalink-manager/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/permalink-manager/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Maciej Bis](https://wordpress.org/support/users/mbis/)
 * Last activity: [3 years, 3 months ago](https://wordpress.org/support/topic/vulnerabilities-in-permalink-manager-plugin/#post-16470930)
 * Status: resolved