Great Plugin But Input validation vulnerability version 1.2.5 – Medium Risk - [Email Template Customizer for WooCommerce] Review | WordPress.org

ryan01200
(@ryan01200)

1 year, 2 months ago

This plugin is great and I’ve been using it for years although recently the plugin has a security issue that allows hackers to inject harmful code into web pages. This can only happen on certain types of websites, and only if the site has a specific setting disabled. If you have this plugin and use it on your website, make sure to update to version 1.2.6 or higher to avoid this vulnerability.

If you have a good security system in place like cloudfare or real simple security plugin you should be fine but this why you need to make sure your updating your software constantly

Viewing 1 replies (of 1 total)

Plugin Support angelagrey
(@angelagrey)

1 year, 2 months ago

Hi,

Thank you for the feedback. I supposed you’re referring to this recent problem: https://wordpress.org/support/topic/the-cross-site-scripting-xss-vulnerability-in-the-wordpress-email-template/

We’re still working on it. And we’ll update our plugin soon.

Just to clarify, our plugin works on the back end only, which means the users who access your site must at least have manage_woocommerce permission to reach the email setting page.

Best regards.

Viewing 1 replies (of 1 total)

The topic ‘Great Plugin But Input validation vulnerability version 1.2.5 – Medium Risk’ is closed to new replies.

2 replies
2 participants
Last reply from: angelagrey
Last activity: 1 year, 2 months ago