When scanned with wpscan my site gives an alarm on WP-postviews | WordPress.org

Resolved ahmetax
(@ahmetax)

9 years, 3 months ago

Hello,
I am using wp-postviews on my wordpress sites. I like it very much.
However when I wpscaned my sites, I get the following message:

[!] Title: WP-PostViews – “search_input” Cross-Site Scripting Vulnerability
Reference: http://secunia.com/advisories/50982

How can I recover it?
Thank you.

https://wordpress.org/plugins/wp-postviews/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Lester Chan
(@gamerz)

9 years, 3 months ago

The title states “WordPress post-views Plugin” and not WP-PostViews.

“Input passed via the “search_input” GET parameter to wp-admin/index.php (when “page” is set to “post-views”) is not properly sanitised in wp-content/plugins/post-views/post-views.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.”

The plugin uses wp-content/plugins/wp-postviews and not “wp-content/plugins/post-views”

So you got the wrong plugin.

ethicalhack3r
(@ethicalhack3r)

9 years, 3 months ago

I manage the WPScan Vulnerability Database. It looks like the vulnerability was assigned to the wrong plugin within our database. I will update the issue now.

Thread Starter ahmetax
(@ahmetax)

9 years, 3 months ago

Ok. Then we will not get a vulnerability message from now on.
Thank you.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘When scanned with wpscan my site gives an alarm on WP-postviews’ is closed to new replies.

In: Plugins
3 replies
3 participants
Last reply from: ahmetax
Last activity: 9 years, 3 months ago
Status: resolved