Title: Vulnerability & Security Problem Found
Last modified: August 16, 2017

---

# Vulnerability & Security Problem Found

 *  Resolved [Liz](https://wordpress.org/support/users/member011/)
 * (@member011)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-security-problem-found/)
 * I just updated some plugins and was doing a bit of maintenance on my site, and came
   across this report after doing a site vulnerability scan.
 * I followed this link to get the details from the vulnerability scan report.
 * I hope you find this helpful to solve the problem.
 * [https://sumofpwn.nl/advisory/2016/admin_custom_login_wordpress_plugin_affected_by_persistent_cross_site_scripting_via_logo_url_field.html](https://sumofpwn.nl/advisory/2016/admin_custom_login_wordpress_plugin_affected_by_persistent_cross_site_scripting_via_logo_url_field.html)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [Weblizar – WordPress Themes & Plugin](https://wordpress.org/support/users/weblizar/)
 * (@weblizar)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-security-problem-found/#post-9413875)
 * Hi Liz,
 * Okay, the report says – “The “logo_url” field does not validate `<script>` tags
   and does not perform output encoding.”
 * No problem, we will fix this in the next update by adding `esc_url` like below:
 *     ```
       <input type="text" class="pro_text" id="log-url" name="log-url" placeholder="<?php _e('Logo URL','WEBLIZAR_ACL')?>" size="56" value="<?php echo $logo_url; ?>"/>
       ```
   
 * Fixed:
 *     ```
       <input type="text" class="pro_text" id="log-url" name="log-url" placeholder="<?php _e('Logo URL','WEBLIZAR_ACL')?>" size="56" value="<?php echo esc_url($logo_url); ?>"/>
       ```
   
 * But the question arises: why would an admin try to hack their own site, since this
   setting is accessible only to the admin of the site?
 * Thanks
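
The before/after pair in the reply above, as an added example that is not part of the original thread or the plugin's code: plain PHP that runs without WordPress, renders the field with and without escaping for constructed values, and counts the `<script>` elements an HTML parser finds in each result. The function names and sample values are assumptions, and the scheme allowlist plus `htmlspecialchars` only approximates what `esc_url` does inside WordPress.

```php
<?php
// Added example: plain PHP, runs without WordPress. All names are hypothetical.

// "Before": the stored value is echoed straight into the value attribute.
function render_logo_field_unescaped(string $logo_url): string {
    return '<input type="text" id="log-url" name="log-url" value="' . $logo_url . '"/>';
}

// "After": allow only http/https, then HTML-encode for the attribute context.
// Stricter than esc_url(), which also accepts relative URLs and other schemes.
function render_logo_field_escaped(string $logo_url): string {
    $scheme = strtolower((string) parse_url($logo_url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $logo_url = ''; // no scheme, other scheme, or unparsable: render empty
    }
    $encoded = htmlspecialchars($logo_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" id="log-url" name="log-url" value="' . $encoded . '"/>';
}

// Parse the rendered markup with an HTML parser and count <script> elements.
function count_script_elements(string $html): int {
    $previous = libxml_use_internal_errors(true); // fragments trigger parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('script')->length;
}

// Constructed sample values for the logo URL setting.
$samples = [
    'https://example.test/logo.png',
    '"><script>alert(1)</script>',
    'https://example.test/"><script>alert(1)</script>',
];

foreach ($samples as $value) {
    printf(
        "%-50s unescaped: %d <script>, escaped: %d <script>\n",
        $value,
        count_script_elements(render_logo_field_unescaped($value)),
        count_script_elements(render_logo_field_escaped($value))
    );
}
```

Inside WordPress the same rule applies wherever the setting is printed: escape at output with the function that matches the context (`esc_url` for URLs, `esc_attr` for other attribute values).
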
 *  Thread Starter [Liz](https://wordpress.org/support/users/member011/)
 * (@member011)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-security-problem-found/#post-9414003)
 * Thank you Sweetie, glad I was able to be in the right place at the right time
   to notice it for you! And it’s an awesome plugin, really beautiful, you’ve done
   a brilliant job. I think it’s a very classy plugin. Thanks for the quick response,
   I was just hoping I could help. 🙂
 * When you mention “but the question is arising” Why an admin try to hack own site
   coz this setting access only for admin of site? ….
 * I don’t know Sweetie, I’ll take your word for it, I have no clue what the code
   means!
 *  Plugin Author [Weblizar – WordPress Themes & Plugin](https://wordpress.org/support/users/weblizar/)
 * (@weblizar)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-security-problem-found/#post-9416742)
 * Thanks so much [@liz](https://wordpress.org/support/users/liz/) for posting this
   feedback.
 *  Thread Starter [Liz](https://wordpress.org/support/users/member011/)
 * (@member011)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/vulnerability-security-problem-found/#post-9417123)
 * Oops!! Forgot to mention one reason I just thought of: it’s just that it shows
   up in Wordfence results as a vulnerability, and while playing with Google Analytics,
   where I have just added this site as a property on the console, Google is
   also showing a vulnerability, so not sure if it may be an issue or not for those
   who are following up with the Google Search Console list of issues to help improve
   a site.
   I’m looking forward to the next update when you have time 🙂
 * All the best Liz 🙂


The topic ‘Vulnerability & Security Problem Found’ is closed to new replies.

 * [Admin Custom Login](https://wordpress.org/plugins/admin-custom-login/)

## Tags

 * [custom login plugin](https://wordpress.org/support/topic-tag/custom-login-plugin/)
