WP Slimstat
Sanitize the plugin (13 posts)

4 stars
  1. mikes88
    Member
    Posted 1 year ago #

    You need to sanitize the plugin. I was messing around with it and was able to inject a JavaScript into Slimstat using the search field. You need to sanitize your script and fix the issue.

  2. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Mike, it would be quite helpful if you could contact me to address the issue together, instead of just giving me 1 star and disappearing like that. You may want to remember that I do all of this for free, and that the only reward is to get 5 stars for the work I do, so I think you can imagine how frustrating it is to see users like you, who come, trash my work and disappear :(

    http://slimstat.duechiacchiere.it/contact-us/

    Thank you
    Camu

  3. camu
    Member
    Plugin Author

    Posted 1 year ago #

    I was able to replicate the issue, and a patch has been added to version 3.0 ;) Contact me if you want to test it in advance and see if the problem is fixed.

    Thank you,
    Camu

  4. mikes88
    Member
    Posted 1 year ago #

    Didn't realize I gave it 1 star until it was too late. Sorry about that. The plugin is pretty decent but that was a huge security breach for malicious code. Not sure how to change the rating if I can. But I would give this plugin at least a 3.5 or 4 stars.

  5. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Just click on the stars again ;) As for the security breach, thank you for pointing that out, I will release the hotfix asap. Again, if you want to help me test it, feel free to contact me!

    Best,
    Camu

  6. mikes88
    Member
    Posted 1 year ago #

    How long until the plugin will be available for download?

  7. camu
    Member
    Plugin Author

    Posted 1 year ago #

    A few hours, I would say...

  8. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Released. Test it and let me know how it goes. Please note that this is a temporary hotfix; version 3.0 will have more robust code in place ;)

    Cheers,
    Camu

  9. mikes88
    Member
    Posted 1 year ago #

    I have the 2 files edited to fix the issue. Is there an email I can send them to so you can compare the files?

  10. camu
    Member
    Plugin Author

    Posted 1 year ago #

    So you're saying that version 2.9.5 doesn't fix the problem for you? Contact me at the URL above, and I'll get in touch with you.

  11. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Well?

  12. mikes88
    Member
    Posted 1 year ago #

    Everything seems to be working.

  13. camu
    Member
    Plugin Author

    Posted 1 year ago #

    Okay, thanks.

Topic Closed

This topic has been closed to new replies.
