Open VanguardHQ opened 4 years ago
Hi @VanguardHQ, thank you for letting me know about this request. I will release the next version of the plugin by this weekend. I will keep you updated here. Thanks
Many thanks @saurabhsirdixit. Thank you for your speedy response, much appreciated, Sarah
@saurabhsirdixit Maybe replacing the lines
update_metadata( $type, $post_id, $property, $new );
with
update_metadata( $type, $post_id, $property, sanitize_text_field( $new ) );
will fix the XSS vulnerabilities, since we are only using text type fields for these:
Moreover, this library (Redrokk Metabox Class) is not in an active development state, so it shouldn't be a problem to modify it directly. https://github.com/axelerant/testimonials-widget/blob/fd40ea02a5f92ce00c60c6c189024276d7f55642/includes/libraries/aihrus-framework/includes/libraries/class-redrokk-metabox-class.php#L418
It's time to switch to a new metabox library!!
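The sanitize-on-save change suggested above, paired with escaping on output, as an added example that is not code from the Testimonials Widget plugin or the Redrokk Metabox Class. It assumes it is loaded inside WordPress; the two `example_` function names are hypothetical, and the output-escaping half goes beyond what the comment proposes.

```php
<?php
// Added illustration; not the plugin's own code. Function names are hypothetical.

/**
 * Save a single-line text field as metadata.
 * Before the change: update_metadata( $type, $post_id, $property, $new );
 */
function example_save_text_meta( $type, $post_id, $property, $new ) {
    // A text field should be a scalar; refuse arrays rather than store them raw.
    if ( ! is_scalar( $new ) ) {
        return false;
    }

    // sanitize_text_field() strips tags, line breaks and invalid UTF-8,
    // so markup submitted in the field is never written to the database.
    return update_metadata( $type, $post_id, $property, sanitize_text_field( $new ) );
}

/**
 * Print the stored value back into the metabox form.
 */
function example_render_text_field( $type, $post_id, $property ) {
    $value = get_metadata( $type, $post_id, $property, true );

    // Escape at output as well: rows saved before the sanitizing change
    // may still contain markup, and esc_attr() keeps them inert here.
    printf(
        '<input type="text" name="%s" value="%s" />',
        esc_attr( $property ),
        esc_attr( $value )
    );
}
```

Sanitizing on save only affects values written after the change; escaping on output is what covers metadata already stored.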
Hello,
Many thanks for releasing the update. I’ve installed version 4.0.1 of the Testimonials Widget, rescanned our site, but am still getting the same message (see screenshot). We still have a ‘threat found’ message, please can you help?
Kind regards, Sarah
Sarah Stivala Vanguard Consulting Ltd
On 7 Jul 2020, at 15:35, Saurabh Dixit wrote:
Hi @VanguardHQ, thank you for letting me know about this request. I will release the next version of the plugin by this weekend. I will keep you updated here. Thanks
Hi - apologies if this is not the right place to ask, please can you help?
We have the Testimonials Widget (version 3.5.1) installed on our website. WordPress has identified that it has a vulnerability and I see a 'Threat found' message about the plugin.
Do you plan to release an update?
What can I do to remove this message so that there is no threat?
Many thanks, Sarah