Hi alysko, can you give us some context? Was this a 4th party XSS injection? Who detected it? Or is this in the source code?
FYI I’m a user, not the developer.
Wordfence found the following new issues on “”.
Alert generated at Tuesday 25th of February 2014 at 10:39:37 AM
Warnings:
* Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.db
* Modified plugin file: wp-content/plugins/quick-flag/database/ip2country.version
Seemed I was on the receiving end of a brute fore attack last night
From my host…
“I have reviewed logged data on the server and found that your site was being hit quite a bit with WordPress login requests from 213.158.82.62 today:
[root@myhosthere /my/root]# awk ‘My IP Address Here/ {print $7}’ /usr/local/apache/domlogs/user/mysite.com | sort | uniq -c | sort -rn | head
2217 /wp-login.php
This seemed to cause some issues with the account hitting some of the resource limits we have on our shared servers.”
My last chat plugin brought me all sorts of grief with XSS attacks. I’d love the developer to weigh in here with his opinion. It’s a great plugin, but not if it exposes my site.
Thread Starter
BenM
(@alysko)
Hi square_eyes,
I don’t known what’s a “4th party XSS injection” 🙂 SQL injection, ok. XSS, ok. But 4th party XSS injection…
This message was given by Codestyling Localization.
I would have said third party, but that’s the plugin. The attacker would be a fourth party. That’s all.
And I concede, that my issues above may not be related to the plugin. However it happened almost immediately after I installed it. Based on my past experience it’s better to report it.
