WordPress.org

Support

Support » Plugins and Hacks » [Resolved] Security XSS issue

[Resolved] Security XSS issue

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Naji Amer

    @n-for-all

    the user cannot inject html nor java into the input, infact i am aware of the security measure in creating an ajax app and cross site scripting, thats why, i interact with only the tables i need and using prepare function for wordpress to prevent such attacks on the database, if you were able to inject it, that means you are able to inject any plugin that uses wordpress ajax functionality

    i would love to know how you did it, if you really did that

    cheers

    Hi n-for-all,

    Thank you for your response, I dont have the background for it, but someone sent me a message stating that there is an issue and wrote me some code to tested such <script> alert (document.cookie); </ script> ??

    I dont know what he mean, but if there is no issue, can you disable this feature? like using htmlspecialchars OR something ?

    Regards

    Hi,

    A friend told me that there is no problem as you mentioned it to me and only its just print the code with no inject or any security issue.

    Thank you and I apologize for any misunderstanding.

    Plugin Author Naji Amer

    @n-for-all

    Ok great, thank you for clarifying that

    You are welcome (:

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Resolved] Security XSS issue’ is closed to new replies.