WordPress.org

Ready to get started?Download WordPress

Forums

jquery-vertical-accordion-menu (1 post)

  1. zannahlou
    Member
    Posted 8 months ago #

    I used this plug-in:
    http://wordpress.org/plugins/jquery-vertical-accordion-menu/

    Which worked well when I was developing locally, but on my particular production server it caused a cross-site scripting attack. Is this something about my server settings, or is this plug-in totally broken? I am using the most recent version of WP, and the plug-in has not been updated, but this seems like a pretty dramatic issue. The plug-in did this whether I had the "Save Menu State (uses cookies)" option activated or not.

    Any other good, functional options for dropdown menu plug-ins?

    Server error info below:

    Sat Oct 26 23:46:06 2013] [error] [client 24.103.XX.XXX] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\b(?:(?:type\\b\\W*?\\b(?:text\\b\\W*?\\b(?:j(?:ava)?|ecma|vb)|application\\b\\W*?\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\b.{0,100}?\\bsrc)\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "117"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "XXXXXXX.com"] [uri "/live_test/wp-content/plugins/jquery-vertical-accordion-menu/js/jquery.cookie.js"] [unique_id "xxxxxx"]

Reply

You must log in to post.

About this Topic