Re: Wordpress skysa-official plugin Cross-Site Scripting- Vulnerabilities

From: support@skysa.com
To: bugtraq@securityfocus.com
Cc:
Subject: Re: Wordpress skysa-official plugin Cross-Site Scripting- Vulnerabilities
Date:


We have released an update to the plugin (version 1.04) which validates the information submitted in the settings form and does not save invalid information.

However, it does not appear this was ever a security threat since posting information to that page fails if the settings page is not loaded inside the Wordpress Administration area, which requires an admin login to get into.

At any rate, thank you for bringing this potential issue to our attention; allowing us to make the functionality better in the process.





Copyright © 1995-2021 LinuxRocket.net. All rights reserved.