Hi Michael, this repository is for the Webmention specification, not any particular plugin. You are probably looking for the WordPress Webmention plugin here: https://github.com/pfefferle/wordpress-webmention
Hello,
I installed this plugin and was recently notified of a potential security hole on my website. When a user went to https://michaelbrooks.co.uk/restarting-my-podcast/?replytocom=<svG/onLoad=prompt(9)> it would display a prompt where the user could inject JS.
I spoke to WordPress.com helpdesk, who identified the issue was coming from this plugin. Here is the bounty that the hacker generated for my blog https://www.openbugbounty.org/reports/3211320/