WordPress.org

Forums

Clicky by Yoast
Security Bug (4 posts)

  1. FuzzBaBa
    Member
    Posted 1 year ago #

    Hello,
    I found A Stored xss Bug.

    Reproduce this bug:-

    1:- Go to Clicky Configuration
    2.Enter Xss Payload @ Site ID:
    3. save
    4.xss payload executed. it is stored xss.

    yes it require admin access but it is also a valid bug.. as Bug bounty program over internet..

    patch & notify me ASAP

    https://wordpress.org/plugins/clicky/

  2. FuzzBaBa
    Member
    Posted 1 year ago #

  3. FuzzBaBa? That isn't the best way to report security bugs.

    http://codex.wordpress.org/FAQ_Security#Where_do_I_report_security_issues.3F

    For a plugin that has security issues please report the details to plugins [at] wordpress.org and they can contact the author directly and/or suspend the plugin temporarily if need be.

  4. FuzzBaBa
    Member
    Posted 1 year ago #

    okk Thankx ..i report it to WordPress...

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Clicky by Yoast
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags