WordPress.org

[Resolved] [Plugin: WordPress Popular Posts] cross site scripting bug

  • wojboj
    Member

    @wojboj

    timthumb.php does not properly escape results when it fails to find the file from the argument.

    It’s just:
    function displayError($errorString = ”) {
    header(‘HTTP/1.1 400 Bad Request’);
    – die($errorString);
    + die(htmlspecialchars($errorString));
    }
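
    Review bot: the added die(htmlspecialchars($errorString)) line calls htmlspecialchars() with its default flags and charset; pass them explicitly, e.g. htmlspecialchars($errorString, ENT_QUOTES, 'UTF-8'), so single quotes are escaped as well and the result does not depend on the PHP version or ini settings. Because displayError() sends only the 400 status line before die(), also consider sending a Content-Type header with an explicit charset (or text/plain) so the browser does not have to guess how to interpret the error body.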

    Why does nobody fix that?

    http://forums.cnet.com/7726-6132_102-5070628.html

Viewing 1 replies (of 1 total)
  • Plugin Author Hector Cabrera
    Participant

    @hcabrera

    Hi wojboj,

    Currently, WordPress Popular Posts has dropped support for timThumb because of its security issues. My plugin now relies on WordPress’ Post Thumbnail feature to retrieve the images.

    If you still want to use TimThumb, I’d suggest you update the script that my plugin uses with the latest version (you can find it here: http://code.google.com/p/timthumb/) and do not upgrade to WordPress Popular Posts v.2.1.5.

  • The topic ‘[Resolved] [Plugin: WordPress Popular Posts] cross site scripting bug’ is closed to new replies.