[Plugin: Tabify edit screen] Security issue

  • Resolved Julio Potier



    A nonce token is missing in the settings, check “wp_nonce_field()” and “check_admin_referer()” in the WP codex. This leads to a CSRF attack.
    Also, an XSS attack is possible because the title is not sanitized with “esc_attr()” and “esc_html()”.

    BUT, if I close my eyes on this, this is a great idea! Nice work 🙂
    Waiting for the next patch to use it 😉

    See you !
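The two issues reported above, shown side by side as an added example (this is not the plugin's own code; the option name `tes_tab_title`, the nonce action `tes_save_tab_title` and the function names are hypothetical, and the settings page is assumed to be registered elsewhere with `add_options_page()`):

```php
<?php
// Added example, not code from the Tabify Edit Screen plugin.
// Hypothetical names: option 'tes_tab_title', nonce action 'tes_save_tab_title'.

// Pattern the report describes: the POST is trusted without a nonce check
// (any site can forge it: CSRF) and the stored title is echoed back raw (XSS).
function tes_render_settings_vulnerable() {
    if ( isset( $_POST['tab_title'] ) ) {
        update_option( 'tes_tab_title', $_POST['tab_title'] );
    }
    $title = get_option( 'tes_tab_title', '' );
    echo '<form method="post">';
    echo '<input name="tab_title" value="' . $title . '">';
    echo '<h2>' . $title . '</h2>';
    echo '</form>';
}

// Hardened version: nonce emitted in the form and verified before any write,
// capability check, input sanitized on save, output escaped per context
// (esc_attr inside an attribute, esc_html in element text).
function tes_render_settings_hardened() {
    if ( isset( $_POST['tab_title'] ) ) {
        // Stops with the "Are you sure?" screen if _wpnonce is missing or stale.
        check_admin_referer( 'tes_save_tab_title' );
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'Insufficient permissions.', 'tes' ) );
        }
        // wp_unslash() removes WP's added slashes; sanitize_text_field() strips tags.
        $clean = sanitize_text_field( wp_unslash( $_POST['tab_title'] ) );
        update_option( 'tes_tab_title', $clean );
    }
    $title = get_option( 'tes_tab_title', '' );
    echo '<form method="post">';
    wp_nonce_field( 'tes_save_tab_title' ); // adds _wpnonce and _wp_http_referer
    echo '<input name="tab_title" value="' . esc_attr( $title ) . '">';
    echo '<h2>' . esc_html( $title ) . '</h2>';
    submit_button();
    echo '</form>';
}
```

Escaping is applied at output even though the value was sanitized on save, because the two protect different contexts and a value written by older plugin versions may still be in the database.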

  • Plugin Author Marko Heijnen


    Will fix that in the next release. Hopefully the end of this week.

    Plugin Author Marko Heijnen


    I just released the new version. Please let me know what you think about the made improvements.

    Hello, sorry for the delay, this is good Marko 🙂
    Did I win a “thanks to Julio from” in the changelog near the “security” line? 😉
    Thanks in advance
