XSS Vulnerability | ww.wp.xz.cn

Resolved KTS915
(@kts915)

11 years ago

I see that there is an unescaped instance of add_query_arg() in line 285 of classes/ppc-welcome-class.php.

I know it is following wp_safe_redirect, but doesn’t it still need to be escaped because of this vulnerability?

https://ww.wp.xz.cn/plugins/post-pay-counter/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Stefano
(@ste_95)

11 years ago

Hi there,
There’s no user input involved, so there’s no way malicious code could get in the URL 🙂

Have a nice day,
Stefano

Thread Starter KTS915
(@kts915)

11 years ago

Ah, I see! Thanks for the explanation!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘XSS Vulnerability’ is closed to new replies.

2 replies
2 participants
Last reply from: KTS915
Last activity: 11 years ago
Status: resolved