XSS Vulnerability | ww.wp.xz.cn

Resolved amarie
(@tuesdave)

10 years, 7 months ago

Hello, I had a security audit done on my website and they found a slight vulnerability in your plugin.

Location: types\embedded\includes\fields\skype.php line 203

<input id="btn-skypename" name="skypename" value="<?php echo $_GET['skypename']; ?>" type="text" />

The ‘skypename’ parameter needs to be sanitized before printing.

Are there any plans to patch this in the near future? If not I’d need to maintain this on my own.

Thank you.

https://ww.wp.xz.cn/plugins/types/

Viewing 1 replies (of 1 total)

Marcin Pietrzak
(@iworks)

10 years, 7 months ago
Dear amarie

Please check current version of Types. This line is now:
```
211             <input id="btn-skypename" name="skypename" value="<?php esc_attr_e($_GET['skypename']); ?>" type="text"
```
Cheers,
Marcin

Viewing 1 replies (of 1 total)

The topic ‘XSS Vulnerability’ is closed to new replies.

Tags

1 reply
2 participants
Last reply from: Marcin Pietrzak
Last activity: 10 years, 7 months ago
Status: resolved