Mingle Forum
[resolved] XSS exploit (7 posts)

  1. ATTIADONA
    Member
    Posted 1 year ago #

    in the search,

    type in the search:

    [removed]

    and see

    I believe if I check the source I will find more exploits, so I don't trust this plugin

    thank you anyway

    http://wordpress.org/extend/plugins/mingle-forum/

  2. MickeyRoush
    Member
    Posted 1 year ago #

    All I got was a "Page not found" message when attempting this.

  3. ATTIADONA
    Member
    Posted 1 year ago #

    Tested on version: 1.0.33.2

    I think the previous version doesn't have this issue

  4. MickeyRoush
    Member
    Posted 1 year ago #

    That's interesting. Maybe the reason nothing happened on my site was because I had PHPIDS set up and it would have stopped anything like that regardless of where it was inputted. A moderator may want to look at this as well as contacting the author of the plugin.

  5. Can you provide more detail why you think it's a problem with the plugin? I mean, where is the problem file?

    http://plugins.trac.wordpress.org/log/mingle-forum

    Looking at the log in trac (trac is your friend) I'm not seeing anything leap out at me. But it is early where I am and I've only had one cup of coffee so far. ;)

    Take a look at that second link in my post, if you can point out an issue that would help identify where/if there is a problem with the plugin.

    Edit: *Re-reads, sips more coffee* There may need to be a check inserted but can you reproduce the XSS steps more clearly?

  6. ATTIADONA - Please do not publicly post exploits like this.

    Email them to plugins@wordpress.org and contact the developer directly.

  7. cartpauj
    Member
    Plugin Author

    Posted 1 year ago #

    This fix will be in 1.0.34 of Mingle Forum.

Topic Closed

This topic has been closed to new replies.
