[Plugin: Mingle Forum] XSS exploit

Viewing 6 replies - 1 through 6 (of 6 total)
  • All I got was a “Page not found” message when attempting this.

    Tested on version: 1.0.33.2

    I think the previous version doesn't have this issue.

    That’s interesting. Maybe the reason nothing happened on my site was because I had PHPIDS set up and it would have stopped anything like that regardless of where it was inputted. A moderator may want to look at this as well as contacting the author of the plugin.

    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    Can you provide more detail why you think it’s a problem with the plugin? I mean, where is the problem file?

    http://plugins.trac.wordpress.org/log/mingle-forum

    Looking at the log in trac (trac is your friend) I’m not seeing anything leap out at me. But it is early where I am and I’ve only had one cup of coffee so far. 😉

    Take a look at that second link in my post, if you can point out an issue that would help identify where/if there is a problem with the plugin.

    Edit: *Re-reads, sips more coffee* There may need to be a check inserted but can you reproduce the XSS steps more clearly?

    ATTIADONA – Please do not publicly post exploits like this.

    Email them to plugins@wordpress.org and contact the developer directly.

    Plugin Author cartpauj

    (@cartpauj)

    This fix will be in 1.0.34 of Mingle Forum.

  • The topic ‘[Plugin: Mingle Forum] XSS exploit’ is closed to new replies.