WordPress.org

Ready to get started?Download WordPress

Forums

Video Metabox
[resolved] Security Vulnerability in Metabox (5 posts)

  1. Haider Mahmood
    Member
    Posted 10 months ago #

    Hi, Haider Mahmood here, Security Researcher,
    i have found Security Vulnerability in Metabox that allows Cross site Scripting XSS and Iframe injection attack. i am not sure this is the right spot to disclose it , i actually registered account to wordpress to report this. for developers , pleas send me an email, so i can explain the issue in confidential manner

    Email: [ email redacted ]

    Thanks

    http://wordpress.org/plugins/video-metabox/

  2. Jesse Overright
    Member
    Plugin Author

    Posted 10 months ago #

    Thanks for alerting us to this issue. What version of video metabox are you using? I'll send you an email shortly.

  3. Haider Mahmood
    Member
    Posted 10 months ago #

    The issue has been resolved.
    Thanks for releasing the new version 1.1.1 that addressed the vulnerability.

    [ Signature moderated. ]

  4. Haider? I'm glad you contacted the author but next time there is a plugin vulnerability please report it to plugins [at] wordpress.org with the details.

    They can directly contact plugin author and get this resolved.

    http://codex.wordpress.org/FAQ_Security#Where_do_I_report_security_issues.3F

  5. Jesse Overright
    Member
    Plugin Author

    Posted 10 months ago #

    Thanks for the note Jan.

    For video-metabox users, the vulnerability has been addressed in version 1.1.1 so please update.

Reply

You must log in to post.

About this Plugin

About this Topic