XSS Vulnerability

Issue #1 resolved
Adam Robinson repo owner created an issue

XSS issue found in Parallax Scroll plugin v2.0. It seems _posttitle (aka Title field) in /includes/adamrob-parralax-shortcode.php is not sanitized, but please check it again. I tested it on XAMPP with the latest version of WordPress, i.e. v.5.0.3. Steps to reproduce:

Comments (2)

  1. Adam Robinson reporter

    Problem tracked and fixed when rendering the post. Alter the post save so it strips any tags before saving to WP.
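The two-layer fix described in the comment above (strip tags on save, escape on render), as an added example that is not the plugin's code. Function names and the CSS class are hypothetical, and plain PHP functions stand in for the WordPress helpers `wp_strip_all_tags()` and `esc_html()` so the script runs outside WordPress.

```php
<?php
// Added illustration, not the plugin's code. All function names and the
// "parallax-title" class are hypothetical.

// Save-time layer: remove markup from the title before it is stored.
// Inside WordPress, wp_strip_all_tags() would be the usual choice.
function example_sanitize_title_for_save(string $raw): string
{
    // strip_tags() drops the tags but keeps the text between them, and it
    // does nothing about quotes, so the result is still untrusted on output.
    $text = strip_tags($raw);
    return trim(preg_replace('/\s+/', ' ', $text) ?? '');
}

// Render-time layer: escape for an HTML text or quoted-attribute context.
// Inside WordPress, esc_html() / esc_attr() would be the usual choice.
function example_escape_title(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function example_render_title(string $stored): string
{
    return '<h2 class="parallax-title">' . example_escape_title($stored) . '</h2>';
}

// Constructed sample titles (not taken from the issue report).
$submitted = [
    'plain'       => 'Summer gallery',
    'with markup' => 'Summer <b>gallery</b><script>alert(1)</script>',
    'quote only'  => 'Summer" data-x="gallery',
];

foreach ($submitted as $label => $raw) {
    $stored = example_sanitize_title_for_save($raw);
    printf("%-12s stored: %s\n", $label, $stored);
    printf("%-12s output: %s\n\n", $label, example_render_title($stored));
}

// A title saved before the save-time fix existed never passed through the
// sanitizer, so only the render-time escape stands between it and the page.
$legacy = 'Old <img src=x onerror=alert(1)> title';
echo "legacy       output: ", example_render_title($legacy), "\n";
```

The "quote only" and legacy cases are why the render-time escape is the primary control: tag stripping on save neither covers attribute contexts nor cleans rows stored earlier.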
