Cross Site Scripting (XSS) vulnerability <= 1.7.4 | WordPress.org

Resolved JulesWebb
(@juleswebb)

1 year, 4 months ago

Hello

Patchstack is reporting WordPress Dynamic Conditions Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Would it be possible to get an update on this? Are you aware of this issue? Is a patch in the works?

Thank you for keeping us updated!
Jules

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Author crazypsycho
(@crazypsycho)

1 year, 4 months ago

We currently do not see any vulnerabilities. The plugin itself does not perform any writing operations.
But we are keeping an eye on it and already asked on Patchstack for more informations.

Thread Starter JulesWebb
(@juleswebb)

1 year, 4 months ago

@crazypsycho Thank you for the update!

Plugin Author crazypsycho
(@crazypsycho)

1 year, 4 months ago

Still waiting for further information from patchstack. But the patchstack-report says the vulnerability needs constributor-rights. So it is not a critical problem.

Thread Starter JulesWebb
(@juleswebb)

1 year, 4 months ago

@crazypsycho – Thanks for the update!
simonclay
(@simonclay)

1 year, 4 months ago
But what about our sites that do have contributor rights?
- This reply was modified 1 year, 4 months ago by simonclay.
Plugin Author crazypsycho
(@crazypsycho)

1 year, 4 months ago

The vulnerability is now fixed with v1.7.5, thanks to patchstack.

iangar
(@iangar)

1 year, 4 months ago

Thanks

Thread Starter JulesWebb
(@juleswebb)

1 year, 4 months ago

Thank you @crazypsycho!

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Cross Site Scripting (XSS) vulnerability <= 1.7.4’ is closed to new replies.

Tags

xss

12 replies
4 participants
Last reply from: JulesWebb
Last activity: 1 year, 4 months ago
Status: resolved