kpumuk / codecolorer

WordPress plugin which allows you to insert code snippets into the post with nice syntax highlighting.
https://kpumuk.info/projects/wordpress-plugins/codecolorer/

Addressed a script injection in custom CSS classes and custom CSS block #36

Closed kpumuk closed 1 year ago

kpumuk commented 1 year ago

Admin can set custom CSS classes to include a payload like `"><script>alert(1)</script>`, triggering an XSS.
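
The attribute breakout described in the comment above, next to a hardened form, as an added example that is not code from this pull request or from CodeColorer. The function names and the `code-block` base class are hypothetical, and plain PHP built-ins are assumed in place of WordPress helpers so the snippet runs on its own.

```php
<?php
// Added illustration; render_unsafe(), sanitize_class_list(), render_safe()
// and the "code-block" base class are hypothetical names.

// "Before": the stored setting is concatenated into the class attribute as-is,
// so a double quote in the value ends the attribute and the rest becomes markup.
function render_unsafe(string $customClasses): string {
    return '<div class="code-block ' . $customClasses . '">';
}

// Storage-time allowlist: split on whitespace and keep only tokens made of
// letters, digits, hyphen and underscore. Anything else is dropped whole.
function sanitize_class_list(string $raw): array {
    $tokens = preg_split('/\s+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY) ?: [];
    $clean = [];
    foreach ($tokens as $token) {
        if (preg_match('/^[A-Za-z0-9_-]+$/', $token) === 1) {
            $clean[] = $token;
        }
    }
    return array_values(array_unique($clean));
}

// Output-time encoding: the sanitized value is still escaped for the
// attribute context, so a gap in the allowlist cannot break out of the quotes.
function render_safe(string $customClasses): string {
    $classes = array_merge(['code-block'], sanitize_class_list($customClasses));
    $value = htmlspecialchars(implode(' ', $classes), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="' . $value . '">';
}

// Constructed sample inputs; the second is the payload quoted in the comment.
$samples = ['my-theme dark_mode', '"><script>alert(1)</script>'];
foreach ($samples as $sample) {
    echo 'input : ' . $sample . "\n";
    echo 'unsafe: ' . render_unsafe($sample) . "\n";
    echo 'safe  : ' . render_safe($sample) . "\n\n";
}
```

In a WordPress plugin the same two steps are normally done with `sanitize_html_class()` when the setting is saved and `esc_attr()` when it is printed.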