rtMedia for WordPress, BuddyPress and bbPress
[resolved] Client-Side Security Vulnerability (4 posts)

  1. inderpreet99
    Member
    Posted 10 months ago #

    Hi,

    There's a client-side security vulnerability with how the plugin allows users to post unfiltered JavaScript in BP Updates. It happens because buddypress-media hooks into bp_activity_allowed_tags and allows the script tags.

    Try it out:

    [moderated]

    Please fix ASAP. Thanks.

    http://wordpress.org/extend/plugins/buddypress-media/

  2. WPyogi
    Volunteer Moderator
    Posted 10 months ago #

  3. WPyogi
    Volunteer Moderator
    Posted 10 months ago #

  4. Saurabh Shukla
    Member
    Plugin Contributor

    Posted 10 months ago #

    Hi @inderpreet99,

    Thanks for pointing this out. We've removed it and are releasing an update in the next few seconds.

    Regards.
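
Added example, not part of the original thread and not rtMedia or BuddyPress code: the allowlist pattern the report describes, next to a site-side guard that re-asserts a safe allowlist after every other callback has run. The function names are hypothetical, and the guard assumes BuddyPress hands the array returned by `bp_activity_allowed_tags` to `wp_kses()` when it sanitises activity updates.

```php
<?php
/**
 * Added example. Function names are hypothetical. Intended as a must-use
 * plugin on a site running BuddyPress.
 */

// Constructed illustration of the risky pattern: any callback on this
// filter can widen the allowlist that activity content is checked against.
function example_risky_allowed_tags( $allowed ) {
    $allowed['script'] = array( 'src' => array(), 'type' => array() );
    return $allowed;
}
// add_filter( 'bp_activity_allowed_tags', 'example_risky_allowed_tags' );

// Guard: runs last and removes active-content tags and inline event
// handler attributes, whichever plugin added them.
function example_harden_activity_allowed_tags( $allowed ) {
    if ( ! is_array( $allowed ) ) {
        return array(); // fail closed: no HTML allowed at all
    }

    $blocked_tags = array( 'script', 'style', 'iframe', 'object', 'embed', 'form' );
    foreach ( $blocked_tags as $tag ) {
        if ( isset( $allowed[ $tag ] ) ) {
            // Leave a trace so the offending plugin can be identified.
            error_log( "bp_activity_allowed_tags: removed <$tag> added by another filter" );
            unset( $allowed[ $tag ] );
        }
    }

    foreach ( $allowed as $tag => $attrs ) {
        if ( ! is_array( $attrs ) ) {
            continue;
        }
        foreach ( array_keys( $attrs ) as $attr ) {
            // onclick, onerror, onload, ... execute script without a <script> tag.
            if ( 0 === stripos( $attr, 'on' ) ) {
                unset( $allowed[ $tag ][ $attr ] );
            }
        }
    }

    return $allowed;
}
// PHP_INT_MAX priority so this callback sees the final allowlist.
add_filter( 'bp_activity_allowed_tags', 'example_harden_activity_allowed_tags', PHP_INT_MAX );
```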
