
Pie Register
[resolved] Security Issue: Web Application Cross Site Scripting (5 posts)

  1. gravitylover
    Member
    Posted 1 year ago #

    Input is not sanitized before being output on the screen:
    <?php echo $_POST['pass1'];?>
    <?php echo $_POST['pass2'];?>

    Should be:
    <?php echo htmlspecialchars($_POST['pass1']);?>
    <?php echo htmlspecialchars($_POST['pass2']);?>

    http://wordpress.org/extend/plugins/pie-register/

  2. Genetech Solutions
    Member
    Plugin Author

    Posted 1 year ago #

    Not needed, since we are already sanitizing before inserting into the database.

  3. gravitylover
    Member
    Posted 1 year ago #

    It still allows the user to output an iframe onto the page and other malicious code

  4. gravitylover
    Member
    Posted 1 year ago #

    Send a demo wp link and I will illustrate the vulnerability

  5. Genetech Solutions
    Member
    Plugin Author

    Posted 1 year ago #

    It has been fixed now! Please upgrade to the latest version of plugin.

Topic Closed

This topic has been closed to new replies.
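
The disagreement in this thread, sanitizing before the database insert versus encoding at the point of output, shown as an added example that is not Pie Register code or code from either poster. It assumes the value is echoed into an input's value attribute; the function names, the storage sanitizer and the sample request value are constructed for illustration.

```php
<?php
// Added example, not plugin code. Field name pass1 comes from the thread;
// the function names and the sample value are hypothetical.

// Pattern reported in the thread: the raw request value is written into the page.
// $name is a literal chosen by the template, never request data.
function render_field_unsafe(string $name, array $post): string
{
    $value = $post[$name] ?? '';
    return '<input type="password" name="' . $name . '" value="' . $value . '">';
}

// Encode for the HTML attribute context at the moment of output.
function render_field_encoded(string $name, array $post): string
{
    $raw = $post[$name] ?? '';
    if (!is_string($raw)) {          // pass1[]=x arrives as an array
        $raw = '';
    }
    $value = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="password" name="' . $name . '" value="' . $value . '">';
}

// Stand-in for "sanitizing before inserting into the database": it changes
// what is stored, not what the form template echoes from the request.
function sanitize_for_storage(string $raw): string
{
    return strip_tags($raw);
}

// Constructed request body: a value that closes the attribute and adds an iframe.
$post = ['pass1' => '"><iframe src="https://example.invalid/"></iframe>'];

$stored  = sanitize_for_storage($post['pass1']);   // what reaches the database
$unsafe  = render_field_unsafe('pass1', $post);    // what the browser receives
$encoded = render_field_encoded('pass1', $post);

// Compare the stored copy with the two rendered responses.
var_dump(strpos($stored, '<iframe') === false);     // stored copy has no tag
var_dump(strpos($unsafe, '<iframe') !== false);     // raw echo still emits it
var_dump(strpos($encoded, '<iframe') === false);    // encoded echo does not
var_dump(strpos($encoded, '&lt;iframe') !== false); // tag is shown as text
```

Inside WordPress the equivalent output call for an attribute is esc_attr(). For password fields, rendering the value attribute empty removes the output sink altogether.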
