XSS Vulnerability

  • Resolved samikettunen

    (@samikettunen)


    1 year, 4 months ago

    Hi,

    I received following notification from a host of our customer’s site:

    “The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.”

    Probably you’re aware of this potential vulnerability.

    Is there a fix coming? If so, when?

    • This topic was modified 1 year, 4 months ago by samikettunen.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support M. Asif Hossain

    (@asifsiam97)

    1 year, 4 months ago

    Hello @samikettunen,

    Thank you for bringing this to our attention.

    Yes, there was a vulnerability in version 2.0.4 of the plugin, as clearly described in the notification. We have addressed and resolved this issue in version 2.1.0.

    Please update the plugin to version 2.1.0 to ensure your site is secure.

    If you encounter any issues during the update, feel free to reach out.

    Best regards,
    Asif Hossain
    Plugin Support

    Thread Starter samikettunen

    (@samikettunen)

    1 year, 4 months ago

    Hi Asif!

    Thank you for your quick reply. I figured it may be fixed but I think this wasn’t mentioned in the patch notes.

    -Sami

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘XSS Vulnerability’ is closed to new replies.

Tags