adamrob / Parallax Scroll / issues / #1 - XSS Vulnerability — Bitbucket

Issue #1 resolved

Adam Robinson repo owner created an issue 2019-01-25

XSS issue found in Parallax Scroll plugin v2.0. It seems _posttitle (aka Title field) in /includes/adamrob-parralax-shortcode.php is not sanitized, but please check it again. I tested it on XAMPP with latest version of Wordpress, i.e. v.5.0.3. Steps to reproduce:

Comments (2)

Adam Robinson reporter
Problem tracked and fixed when rendering the post. Alter the post save so it strips any tags before saving to WP
- 2019-01-29T13:26:59+00:00
Adam Robinson reporter
- changed status to resolved
Resolved on version 2.1 release
- 2019-02-05T12:50:18+00:00
Log in to comment

Assignee: Adam Robinson

Type: bug

Priority: major

Status: resolved

Version: V2.0.1

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!