I have been using your plugin on a client’s site and I just noticed that it is vulnerable to cross-site scripting attacks.
It relates to the form that submits the product to the cart – it doesn’t appear to sanitize parameters – it doesn’t check to make sure that the referring page exists.
On a page where the shortcode is used, if you inspect the form in Firebug, you can change the value of the hidden input “cartLink” to anything you want and then submit the form. So if it is changed to “http://www.google.com/”, that is what the product name links to on the cart page.
- The topic ‘Vulnerability’ is closed to new replies.