WordPress.org

rtMedia for WordPress, BuddyPress and bbPress
[resolved] Client-Side Security Vulnerability (4 posts)

  1. inderpreet99
    Member
    Posted 1 year ago #

    Hi,

    There's a client-side security vulnerability with how the plugin allows users to post unfiltered JavaScript in BP Updates. It happens because buddypress-media hooks into bp_activity_allowed_tags and allows the script tags.

    Try it out:

    [moderated]

    Please fix ASAP. Thanks.

    http://wordpress.org/extend/plugins/buddypress-media/

  2. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

  3. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

  4. Saurabh Shukla
    Member
    Plugin Contributor

    Posted 1 year ago #

    Hi @inderpreet99,

    Thanks for pointing this out. We've removed it and are releasing an update in the next few seconds.

    Regards.
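
A site-side mitigation for the behaviour described in the first post, as an added example that is not rtMedia's or BuddyPress's own code: a callback on bp_activity_allowed_tags, registered at the last priority, that removes script and similar tags from the allow-list after every other plugin has run. The function name, the blocked-tag list and loading it as a must-use plugin are assumptions made for this example; it runs only inside a WordPress site with BuddyPress active.

```php
<?php
/**
 * Added example (not rtMedia or BuddyPress code): harden the activity
 * allow-list after every other callback has run.
 * Assumption: the list uses the wp_kses() shape, tag => array( attr => ... ).
 */

// Tags that execute or embed active content; constructed list for this example.
const EXAMPLE_BLOCKED_TAGS = array( 'script', 'iframe', 'object', 'embed', 'style' );

/**
 * Remove blocked tags and inline event-handler attributes (onclick, onerror, ...).
 *
 * @param array $allowed Allowed tags as passed through bp_activity_allowed_tags.
 * @return array Hardened allow-list.
 */
function example_harden_activity_tags( $allowed ) {
    if ( ! is_array( $allowed ) ) {
        return array(); // Fail closed: no tags are allowed if the list is malformed.
    }
    $clean = array();
    foreach ( $allowed as $tag => $attributes ) {
        $tag_name = strtolower( (string) $tag );
        if ( in_array( $tag_name, EXAMPLE_BLOCKED_TAGS, true ) ) {
            // Leave a trace so the callback that added the tag can be tracked down.
            error_log( "bp_activity_allowed_tags: removed <{$tag_name}> from the allow-list" );
            continue;
        }
        $attributes = is_array( $attributes ) ? $attributes : array();
        foreach ( array_keys( $attributes ) as $attr ) {
            // Attribute names starting with "on" are treated as event handlers.
            if ( 0 === stripos( (string) $attr, 'on' ) ) {
                unset( $attributes[ $attr ] );
            }
        }
        $clean[ $tag ] = $attributes;
    }
    return $clean;
}

// Run last so a callback that adds <script> at an earlier priority cannot win.
add_filter( 'bp_activity_allowed_tags', 'example_harden_activity_tags', PHP_INT_MAX );
```

The error_log() line doubles as a detection signal: an entry appears whenever some other callback has put a blocked tag back into the list.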

Topic Closed

This topic has been closed to new replies.