ok but I was not hacked this is the work of some dumb coder not dong this job.
so I ask agan
http://somesite.com/?tag='”><script>alert(1)</script>
I would like to know how to go about fixing it.
but I’m not sure if this is a hole in WP or my Theme?
is any one out there running wp 3.0.1 getting this xss?
never seen it except when hacked
do you have an example link?
i dont think i was hacked its got to be a bad plugin or theme
I’m running Atahualpa theme 3.5.3
that’s easily tested
deactivate all plugins and test
switch to twenty ten theme and test
I did it & found out its Global Translator Version 1.3.2
I need to some how get a hold of the maker
or can you do that?
Moderator
James Huff
(@macmanx)
Volunteer Moderator
No, we don’t have any special developer contacting powers. You’ll have to contact him.
You did the right thing by posting here:
http://wordpress.org/support/topic/xss-attack-found-in-global-translator-132
yeah I did not know if Samuel B
had some way of getting a hold of him faster.
all I do know is the maker of that plugin is not easy to get a hold of
& Global Translator is not the kind of plugin I can go with out.
if I do I will piss off google when all the many translated pages start to not show up if I have the plugin off.
p.s.
Thanks for all of your help everyone 😉
Hi, well good job I guess – hate to see a plugin hack
might try an earlier version to see if it’s vulnerable
http://wordpress.org/extend/plugins/global-translator/download/
you can contact author here
http://www.n2h.it/contatti/
I think he would be very interested to know about this