
XSS security vulnerability

Viewing 13 replies - 1 through 13 (of 13 total)
    Ovidiu
    Participant

    @ovidiu

    seems to be fixed:

    2.3.3
    Security Fix : protection against cross site scripting

    although the author never replied to this thread?

    cookingjar
    Member

    @cookingjar

    Is the plugin still safe?

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4117

    Has not been updated for almost a year and the link to the author’s website, demo and suggestions/feedback just goes to a blank screen.

    henrisalo
    Member

    @henrisalo

    No. The plugin category-grid-view-gallery is still affected by CVE-2013-4117 and the maintainer of the plugin has not responded at all. Not a critical vulnerability, but it should be fixed.

    cookingjar
    Member

    @cookingjar

    That’s really bad news. I finally found a plugin for what I wanted but it’s not worth the security threat. Hopefully everyone who uses it is made aware of this.

    Does anyone know any other plugin that displays grid thumbnails of posts pulled from categories?

    henrisalo
    Member

    @henrisalo

    I can try to fix that vulnerability for you. I have no way of contacting the original author of this plugin to get it officially fixed. I can also contact the WordPress plugins team to see if they can do some coordination work. This plugin should be audited completely if users still rely on it.

    henrisalo
    Member

    @henrisalo

    Reproduced the issue in version 2.3.3 of this plugin. Emailed plugins@wordpress.org as I do not have the author’s contact details.
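The thread never shows the plugin's code, so what follows is an added example, not the plugin's own files and not the actual CVE-2013-4117 trigger. It illustrates the kind of check behind "this plugin should be audited completely": a grep-based pass over a plugin directory for lines that touch request superglobals without any WordPress escaping or sanitising call on the same line. The two PHP files are constructed samples (the parameter names and the function names in them are assumptions), one showing the raw-echo pattern and one showing the escaped form.

```shell
#!/bin/sh
# Added example: a heuristic audit for request data echoed into HTML without
# escaping. Not code from the category-grid-view-gallery plugin; the sample
# PHP files below are constructed for the check.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed sample: the unsafe pattern. Request parameters reach the page
# with no validation or escaping, so a value such as
#   "><script>alert(1)</script>
# in the query string breaks out of the attribute and runs in the browser.
cat > "$WORK/grid-vulnerable.php" <<'EOF'
<?php
$cat = $_GET['cat'];
echo '<div class="grid" data-cat="' . $cat . '">';
echo '<h2>' . $_REQUEST['title'] . '</h2>';
EOF

# Constructed sample: the same output done the WordPress way. Validate the
# ID to an integer, and escape every value for the context it lands in
# (esc_attr for attributes, esc_html for element text).
cat > "$WORK/grid-fixed.php" <<'EOF'
<?php
$cat = absint( wp_unslash( $_GET['cat'] ) );
echo '<div class="grid" data-cat="' . esc_attr( $cat ) . '">';
echo '<h2>' . esc_html( wp_unslash( $_REQUEST['title'] ) ) . '</h2>';
EOF

# Print "file:line:text" for every PHP line that reads a request superglobal
# and has none of the usual WordPress escaping/sanitising calls on that line.
# Heuristic only: a value copied into a variable and echoed on a later line
# is not followed, and each hit is a line to review, not a confirmed bug.
find_unescaped_request_use() {
    grep -rnE --include='*.php' '\$_(GET|POST|REQUEST|COOKIE|SERVER)\[' "$1" \
      | grep -vE 'esc_(attr|html|url|js|textarea)\(|sanitize_[a-z_]+\(|absint\(|intval\(|wp_kses' \
      || true
}

# Count the hits for one file name within a directory's results.
count_hits_for() {
    find_unescaped_request_use "$1" | grep -c "$2" || true
}

# Stand-alone run: lists the two unescaped lines in grid-vulnerable.php and
# nothing from grid-fixed.php.
find_unescaped_request_use "$WORK"
```

To use it on an installed copy, point the function at the plugin directory, e.g. `find_unescaped_request_use wp-content/plugins/category-grid-view-gallery`, and review each reported line by hand; a clean report from this grep does not prove the plugin is safe, it only narrows where to look.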

    cookingjar
    Member

    @cookingjar

    I agree, if there’s still a vulnerability, it should either be removed or fixed. I was a little leery about still using it mainly because the author just up and disappeared. Having a security issue and then not having an accessible site paired together seems a little shady to me.

    eatthelove
    Member

    @eatthelove

    Does anyone have a suggestion for a similar plugin, since the author of it is MIA? I’m leery of using it but it does exactly what I’m looking for.

    cookingjar
    Member

    @cookingjar

    I’m wondering this too. Took me over a week to find this plugin. If you find something similar drop a note here!

    davestein1
    Member

    @davestein1

    Cooking Jar, you asked about other plugins?

    I found

    Featured Image Thumbnail Grid

    Very simple. Needs some css work, but it does what I need. And all the variables are available in the shortcode.

    cookingjar
    Member

    @cookingjar

    Hey, thanks for the suggestion. I remember trying that before but it didn’t work out, I can’t remember why. I tried so many plugins my memory is sorta smushed together on what they all are.

    I did find one by luck and I’m using that now: Category Thumbnail List

    Author updated it only a few months ago. It just needs some pagination built into it but it’s super easy!

    Here’s an example:

    Categories – Dinner

    Kremental
    Member

    @seestheday

    Hi,
    I took the Category Grid View code and have modified it so it is much simpler to use (I also removed some of the functionality in my quest to simplify it). I have created a new plugin called Visual Recipe Index that may help others.

    One of the things that I removed was the file that contained the XSS security issue, so that is fixed in my plugin.

    Since I am now quite familiar with the codebase it would be pretty easy for me to take over the plugin if I can get a response from the author. Otherwise I could just rename it and continue it under a different name (I have also made some improvements, like not having to know your slug or category id).

    Is there interest in that?

    esmi
    Forum Moderator

    @esmi

    This topic is 10 months old. Please post your own topics.

    Closing…

The topic ‘XSS security vulnerability’ is closed to new replies.