Security issues
-
Hi,
Jetpack protect is reporting two issues with Countdown:
– The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (https://wpscan.com/vulnerability/e18e69f7-3d28-4160-ab8e-c5064d894da0?site=www.moederheil.nl::wp)
– The plugin does not properly lock its Pro features which could allow high privilege users such as admin to bypass the restriction and use them (https://wpscan.com/vulnerability/60eb1d98-8bf9-495c-bac8-fe46cd9f97df?site=www.moederheil.nl::wp)The page I need help with: [log in to see the link]
- The topic ‘Security issues’ is closed to new replies.