Open YouGina opened 9 months ago
The following lines are vulnerable to XSS:
https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L203
https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L210
https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L215-L219
https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L223-L227
https://github.com/LearnPress/learnpress/blob/2e7a0466e5015531cda92ddba8fae07d63c02f42/inc/ExternalPlugin/Elementor/Widgets/Course/FilterCourseElementor.php#L234
This code is disabled in the current version that is downloadable via wordpress.org, but enabled in the current development version. Would be great if this could be solved before going to production.
Hi YouGina,
Currently, we don't release this Widget. But in the code, we'll fix it in v4.2.7.1.
Thanks. Best regards!