Bugtraq mailing list archives
Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
From: support () skysa com
Date: Wed, 14 Dec 2011 02:38:52 GMT
We have released an update to the plugin (version 1.04) which validates the information submitted in the settings form and does not save invalid information. However, it does not appear this was ever a security threat since posting information to that page fails if the settings page is not loaded inside the Wordpress Administration area, which requires an admin login to get into. At any rate, thank you for bringing this potential issue to our attention; allowing us to make the functionality better in the process.
Current thread:
- Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities support (Dec 14)