WordPress.org

Ready to get started?Download WordPress

Forums

SpeakUp! Email Petitions
[resolved] How to disable "script-tags" in a input field? - Alert box problem (5 posts)

  1. Serkan
    Member
    Posted 11 months ago #

    Hi,

    An alert box has been appearing on a (WP) website of my client for a few weeks; I have already found out why. This happens because a funny person has put a <script>alert</script> into one of the input fields.
    I have removed it from the database currently; but, how is it possible to disable this function?

    [removed by mod] Here the link to the website with the petition if necessary.

    Thanks in advance
    Serkan

    http://wordpress.org/extend/plugins/speakup-email-petitions/

  2. Gene
    Member
    Posted 11 months ago #

    It's not a good idea to advertise a link to an active xxs vulnerability on your own site. I'd suggest not using the plugin until the vulnerability is patched.

    I realize that you didn't recognize it at the onset but generally speaking it's better to notify plugin authors privately regarding security vulnerabilities rather than posting about them in a public setting.

    Hopefully a mod will see this and remove the link (modlook attached)

  3. Serkan
    Member
    Posted 11 months ago #

    You're right, I haven't thought about it.

  4. Kreg Wallace
    Member
    Plugin Author

    Posted 10 months ago #

    This is fixed now - see version 2.4.2

  5. Serkan
    Member
    Posted 10 months ago #

    Thank you.

Reply

You must log in to post.

About this Plugin

About this Topic