WordPress.org

Magic Fields
[resolved] Security: markdownPreview.php is a security hole (2 posts)

  1. annoyingmouse
    Member
    Posted 1 year ago #

    markdownPreview.php contains a security hole that allows XSS

    If an attacker can trick an admin into visiting a malicious website (via a comment link or something), he can steal the admin's cookies or perform actions on the admin's behalf, such as creating a new user.

    http://wordpress.org/extend/plugins/magic-fields/

  2. hunk
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks, I added verification and filtering of JavaScript code.

    https://github.com/hunk/Magic-Fields/commit/7fc92330c7e3bbc2bbfdbf742190a4ef1646b2d8

Topic Closed

This topic has been closed to new replies.