[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

We have released an update to the plugin (version 1.04) which validates the information submitted in the settings form and does not save invalid information.

However, it does not appear this was ever a security threat since posting information to that page fails if the settings page is not loaded inside the Wordpress Administration area, which requires an admin login to get into.

At any rate, thank you for bringing this potential issue to our attention; allowing us to make the functionality better in the process.