Infinite-Scroll
[resolved] Security issue (2 posts)

  1. Julio Potier
    Member
    Posted 3 years ago

    Hello

    You have to sanitize your data, especially the data from the user's side.

    Example: go here:
    http://SITE.COM/wp-admin/options-general.php?page=wp_infinite_scroll.php&default=presets
    and in any field type ' ">XSS ' (without single quote)
    This results in an XSS attack.
    Ok, you have to be admin to exploit it, so, not a big deal, but, use esc_attr() please ;)

    See you !

    http://wordpress.org/extend/plugins/infinite-scroll/

  2. beaver6813
    Member
    Plugin Author

    Posted 3 years ago

    That's a good spot, thanks Julio. I already run validation on all other option fields; it's just the presets tab that is missing that kind of validation (it doesn't use WordPress to handle them, as strictly speaking they're not "options").
    I'll get a fix put in over the weekend, thanks for spotting it :)
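The pattern Julio reports, and the fix the author promises, side by side as an added example; this is not the Infinite-Scroll plugin's own code, and the function, field, nonce and option names used here are assumptions.

```php
<?php
// Added illustration, not code from the Infinite-Scroll plugin. Names such as
// render_preset_field, preset_selector and the nonce/option names are assumed.

// VULNERABLE: a stored, user-controlled preset value is echoed straight into a
// value="" attribute. Input that begins with  ">  closes the attribute and the
// <input> tag, so whatever was saved is rendered as markup on the settings page.
function render_preset_field_vulnerable( $preset_selector ) {
    echo '<input type="text" name="preset_selector" value="' . $preset_selector . '">';
}

// HARDENED: esc_attr() HTML-encodes " ' < > and &, so the value can never break
// out of the attribute regardless of what was stored.
function render_preset_field( $preset_selector ) {
    echo '<input type="text" name="preset_selector" value="' . esc_attr( $preset_selector ) . '">';
}

// Render the form with a nonce so the save handler can verify the request origin.
function render_presets_form( $preset_selector ) {
    echo '<form method="post">';
    wp_nonce_field( 'infinite_scroll_presets' ); // nonce action name is an assumption
    render_preset_field( $preset_selector );
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// Defence in depth: even for a tab that does not go through the Settings API,
// check capability and nonce, then sanitize on the way in as well as escaping
// on the way out. sanitize_text_field() strips tags and stray angle brackets.
function save_preset_from_request() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'infinite_scroll_presets' );
    $selector = isset( $_POST['preset_selector'] )
        ? sanitize_text_field( wp_unslash( $_POST['preset_selector'] ) )
        : '';
    update_option( 'infinite_scroll_preset_selector', $selector ); // option name is an assumption
}
```

Escaping at output (esc_attr) is what closes the reported XSS; sanitizing at input is a second layer and does not replace it, because the same stored value may later be echoed in other contexts.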
