Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Contributor Samir Shah

    (@solarissmoke)

    No – the plugin is not vulnerable.

    Thread Starter davidlrattigan

    (@davidlrattigan)

    Hi,

    The reason I suspected it was vulnerable is because of this code:

    `private function settings_page_url() {
        $base = $this->networkactive ? network_admin_url( 'settings.php' ) : admin_url( 'options-general.php' );
        return add_query_arg( 'page', 'disable_comments_settings', $base );
    }`

    and

    `function filter_query() {
        if ( is_comment_feed() ) {
            if ( isset( $_GET['feed'] ) ) {
                wp_redirect( remove_query_arg( 'feed' ), 301 );
                exit;
            }
        }
    }`

    According to the link in my first post, I should see esc_url() or esc_url_raw() before remove_query_arg and add_query_arg if they are secure.

    Many thanks.

    Plugin Contributor Samir Shah

    (@solarissmoke)

    Hi davidlrattigan,

    Thanks for the details. For the first one, there is no issue because:

    1. There is only a problem if no base URL is specified in the arguments (in which case WordPress uses the request URL). In this case the function is generating the URLs internally with no reliance on the request URL.

    2. The output of settings_page_url() (here and here) is always escaped with esc_attr() which is the equivalent of esc_url() for use in HTML attributes.

    For the second one, I think you are right and will release a fix very shortly.

    Thanks!
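
    The escaping point made in the two answers above, shown as a runnable PHP script. This is an added illustration, not the plugin's code or the fix it shipped: the stand-in definitions of remove_query_arg(), esc_url_raw() and esc_url() are simplified approximations of the WordPress functions, only used when the script runs outside WordPress, and the request URI and the settings base URL are constructed values.

```php
<?php
// Added example (not the plugin's code): the output of remove_query_arg() and
// add_query_arg() is only safe to echo or redirect to after escaping, because
// with no base URL the functions fall back to the raw request URI.

// Constructed request URI for the demo: a comment-feed request whose extra
// parameter carries characters a visitor controls.
$_SERVER['REQUEST_URI'] = '/blog/?feed=comments-rss2&x="<demo>';

if ( ! function_exists( 'remove_query_arg' ) ) {
    // Simplified stand-in. Like WordPress it uses $_SERVER['REQUEST_URI'] when
    // no $url is given, and it rebuilds the query string without re-encoding
    // the decoded values, which is what lets stray characters through.
    function remove_query_arg( $key, $url = false ) {
        if ( false === $url ) {
            $url = $_SERVER['REQUEST_URI'];
        }
        $parts = explode( '?', $url, 2 );
        $args  = array();
        if ( isset( $parts[1] ) ) {
            parse_str( $parts[1], $args );
        }
        unset( $args[ $key ] );
        $pairs = array();
        foreach ( $args as $k => $v ) {
            if ( ! is_array( $v ) ) {
                $pairs[] = $k . '=' . $v;
            }
        }
        return $parts[0] . ( $pairs ? '?' . implode( '&', $pairs ) : '' );
    }
}

if ( ! function_exists( 'esc_url_raw' ) ) {
    // Simplified stand-in: keep only the characters WordPress allows in a URL
    // (the real function also normalises protocols, whitespace and entities).
    function esc_url_raw( $url ) {
        return preg_replace( '/[^a-z0-9\-~+_.?#=!&;,\/:%@$|*\'()\[\]\x80-\xff]/i', '', $url );
    }
}

if ( ! function_exists( 'esc_url' ) ) {
    // Simplified stand-in for the display variant: same filtering, then the
    // entity replacements that make the result safe inside an HTML attribute.
    function esc_url( $url ) {
        return str_replace( array( '&', "'" ), array( '&#038;', '&#039;' ), esc_url_raw( $url ) );
    }
}

// Pattern from the second snippet in the thread: no base URL, no escaping.
// Whatever the visitor put in the request URI ends up in the redirect target.
function feed_redirect_target_unsafe() {
    return remove_query_arg( 'feed' );
}

// Hardened form: escape before the value reaches wp_redirect(). esc_url_raw()
// is the variant for redirects and storage; esc_url() is for HTML output.
function feed_redirect_target_safe() {
    return esc_url_raw( remove_query_arg( 'feed' ) );
}

// Pattern from the first snippet: with an explicit base URL the request URI is
// never consulted, and the link is still escaped for use in an HTML attribute.
function settings_link_html( $base ) {
    $url = remove_query_arg( 'feed', $base );
    return '<a href="' . esc_url( $url ) . '">Settings</a>';
}

echo 'unsafe: ', feed_redirect_target_unsafe(), "\n";
echo 'safe:   ', feed_redirect_target_safe(), "\n";
// Constructed base URL standing in for admin_url( 'options-general.php' ) plus the page argument.
echo settings_link_html( '/wp-admin/options-general.php?page=disable_comments_settings&feed=1' ), "\n";
```

    Run it with the PHP CLI: the first line reproduces the quote and angle bracket from the request URI in the redirect target, the second drops them, and the third shows that a URL built from a known base never depends on the request in the first place.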

    Thread Starter davidlrattigan

    (@davidlrattigan)

    Thanks for the prompt response and for the upcoming fix. Hopefully your response will be useful for other plugin users with the same concern.

    Cheers!

    Hi solarissmoke – I popped in here via google, wondering if your plugin would help generally against the recently outed WP vulnerability ?

    Plugin Contributor Samir Shah

    (@solarissmoke)

    @photomaldives it will – if completely disabling comments can be considered a solution! The issue has been fixed by a core WordPress security release now.

    Thanks, solarissmoke. Yes – all sites updated now.

  • The topic ‘XSS Vulnerability’ is closed to new replies.