Open s-reynier opened 7 years ago
I don't think it is a good idea publishing XSS exploits on open source projects in public, though; you could send a P.M. to the author. However, we will check your comment, and if we verify that this is indeed an exploit, it would also be very welcome from your side to find a fix, make a request to the author, and finally get it updated. This is an open source project; if we all contribute, this and other projects will stay alive.
Just curious. In the end, was this a genuine find? If yes, has this been fixed?
I tested the exploit using the latest version of the plugin (2.10.34) and it's still there. I reported it to the developer 2 weeks ago, but I've had no reply as yet.
I was just about to go through the ~process~ of adding the GitHub updater to my website to update this app. I think I'll hold off until there is an answer on this. Might have to look for alternatives since this might add some validity to the WP Marketplace's security concerns on this plugin.
Hi,
Thanks for your plugin, but I found an XSS exploit in your plugin here: https://website.com/wp-admin/admin.php?page=CF7DBPluginSubmissions&form_name="/><!--