
[Resolved] [Plugin: WP-FaceThumb] Reflected XSS-vulnerability CWE-79

  • Hello,

    This plugin is vulnerable to a reflected XSS security vulnerability.

    [removed for security]

    I haven’t verified this nor checked your plugins code. Could you tell me if this is indeed a valid report and if yes when do you plan to fix this?

    Please note that I am more than happy to provide help to fix this issue in case you need any.

    http://wordpress.org/extend/plugins/wp-facethumb/

  • FYI, please don’t post possible security issues like that in the forums. If it IS an issue, you’ve given the hack to more people. If not, it can hurt a legit plugin. You did the right thing by emailing plugins @ wordpress.org – We’ll look into it 🙂

    This was a public issue already. I did not create the original announcement. More people can be affected by it if nobody knows about the issue in the forums/WP community. XSS issues are usually so simple that people can even patch those by themselves if no patch is available from the vendor (in this case the plugin maintainer), or even in cases where the vendor says “we don’t have time to fix this” or gives a similar explanation even when the issue is verified.

    Do I get some kind of reply from plugins@ address if I notify about security vulnerabilities?
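The reply above says reflected XSS bugs are usually simple enough to patch locally. The block below is an added illustration of the generic pattern and its fix; it is not WP-FaceThumb's code, and the parameter name `q`, the `<input>` markup, the request value and the helper names (`render_unsafe`, `render_safe`, `escape_attr`, `contains_unescaped`) are all constructed for this example. Inside WordPress the context-specific escapers `esc_attr()` and `esc_html()` do the escaping; outside WordPress the example falls back to `htmlspecialchars()`.

```php
<?php
// Added example, not the plugin's own code: a request parameter reflected
// into an HTML attribute, shown unescaped and then escaped on output.

// Constructed stand-in for $_GET['q'] in a real request. The leading quote
// and angle bracket are what let a value break out of the attribute.
$untrusted = '"><b>injected</b>';

// BEFORE (vulnerable): the raw parameter is concatenated into markup, so
// the browser sees attacker-controlled HTML instead of a plain value.
function render_unsafe(string $value): string {
    return '<input type="text" name="q" value="' . $value . '">';
}

// Escape for the HTML-attribute context. Under WordPress, esc_attr() is
// loaded and used; elsewhere htmlspecialchars() with ENT_QUOTES encodes
// < > & " and ' so the value can no longer terminate the attribute.
function escape_attr(string $value): string {
    if (function_exists('esc_attr')) {
        return esc_attr($value);
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// AFTER (hardened): same markup, but the value is escaped at the point of
// output, which is the fix for reflected XSS regardless of where the
// parameter came from.
function render_safe(string $value): string {
    return '<input type="text" name="q" value="' . escape_attr($value) . '">';
}

// Quick self-check a maintainer can run over generated output: does the
// untrusted string still appear verbatim (i.e. as live markup)?
function contains_unescaped(string $html, string $value): bool {
    return strpos($html, $value) !== false;
}

echo "unsafe: " . render_unsafe($untrusted) . PHP_EOL;
echo "safe:   " . render_safe($untrusted) . PHP_EOL;
echo "raw value present in unsafe output: "
    . (contains_unescaped(render_unsafe($untrusted), $untrusted) ? 'yes' : 'no') . PHP_EOL;
echo "raw value present in safe output:   "
    . (contains_unescaped(render_safe($untrusted), $untrusted) ? 'yes' : 'no') . PHP_EOL;
```

Run it with `php example.php`. The point of the example is that the fix lives at the output site and must match the context: `esc_attr()` for attribute values, `esc_html()` for text between tags, and `esc_url()` for `href`/`src`; escaping for the wrong context, or sanitizing only on input, leaves the reflection exploitable.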

    Plugin Author mnttech

    @mnttech

    Hello,
    I’m at work.
    I’ll check that as soon as I’m home.
    What tool do you use to check this?

    I have not verified this yet. I am not the original finder of this vulnerability.

    Plugin Author mnttech

    @mnttech

    Fixed!

    Thanks for pointing that out.

    Please use CVE-2012-2371 for this issue. Add it to your changelog if possible, thanks.

  • The topic ‘[Resolved] [Plugin: WP-FaceThumb] Reflected XSS-vulnerability CWE-79’ is closed to new replies.