Mingle Forum
[resolved] XSS exploit (7 posts)

    Posted 3 years ago #

    in the search,

    type in the search :


    and see

    I believe if I check the source I will find more exploits, so I dont trust this plugin

    thank you anyway


  2. MickeyRoush
    Posted 3 years ago #

    All I got was a "Page not found" message when attempting this.

    Posted 3 years ago #

    Tested on version :

    I think the previous version dont have this issue

  4. MickeyRoush
    Posted 3 years ago #

    That's interesting. Maybe the reason nothing happened on my site was because I had PHPIDS set up and it would have stopped anything like that regardless of where it was inputted. A moderator may want to look at this as well as contacting the author of the plugin.

  5. Can you provide more detail why you think it's a problem with the plugin? I mean, where is the problem file?


    Looking at the log in trac (trac is your friend) I'm not seeing anything leap out at me. But it is early where I am and I've only had one cup of coffee so far. ;)

    Take a look at that second link in my post, if you can point out an issue that would help identify where/if there is a problem with the plugin.

    Edit: *Re-reads, sips more coffee* There may need to be a check inserted but can you reproduce the XSS steps more clearly?

  6. ATTIADONA - Please do not publicly post exploits like this.

    Email them to plugins@wordpress.org and contact the developer directory.

  7. cartpauj
    Plugin Author

    Posted 2 years ago #

    This fix will be in 1.0.34 of Mingle Forum.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.