[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities
From: support@xxxxxxxxx
Date: Wed, 14 Dec 2011 02:38:52 GMT

We have released an update to the plugin (version 1.04) which validates the 
information submitted in the settings form and does not save invalid 
information.

However, it does not appear this was ever a security threat since posting 
information to that page fails if the settings page is not loaded inside the 
Wordpress Administration area, which requires an admin login to get into.

At any rate, thank you for bringing this potential issue to our attention; 
allowing us to make the functionality better in the process.

Prev by Date: Multiple vulnerabilities in Browser CRM
Next by Date: Re:Re: Introduction to R-sequence public key cryptography attack
Previous by thread: Multiple vulnerabilities in Browser CRM
Next by thread: [MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202
Index(es):
- Date
- Thread