WordPress.org

Forums

SpeakUp! Email Petitions
[resolved] How to disable "script-tags" in a input field? - Alert box problem (5 posts)

  1. Serkan
    Member
    Posted 1 year ago #

    Hi,

    An alert box has been appearing on a (WP) website of my client for a few weeks; I have already found out why. This happens because a funny person has put a <script>alert</script> into one of the input fields.
    I have removed it from the database currently; but, how is it possible to disable this function?

    [removed by mod] Here the link to the website with the petition if necessary.

    Thanks in advance
    Serkan

    http://wordpress.org/extend/plugins/speakup-email-petitions/

  2. Gene
    Member
    Posted 1 year ago #

    It's not a good idea to advertise a link to an active xxs vulnerability on your own site. I'd suggest not using the plugin until the vulnerability is patched.

    I realize that you didn't recognize it at the onset but generally speaking it's better to notify plugin authors privately regarding security vulnerabilities rather than posting about them in a public setting.

    Hopefully a mod will see this and remove the link (modlook attached)

  3. Serkan
    Member
    Posted 1 year ago #

    You're right, I haven't thought about it.

  4. Kreg
    Member
    Plugin Author

    Posted 1 year ago #

    This is fixed now - see version 2.4.2

  5. Serkan
    Member
    Posted 1 year ago #

    Thank you.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • SpeakUp! Email Petitions
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic