Hi There,
We installed the plugin and configured it for XSS vulnerabilities. We have added some extra characters, but that blocked almost all the URLs of the WordPress dashboard and plugin dashboard. I wasn’t able to access those dashboards. So I directly deleted the plugin folder. Now when I install the plugin, it blocked all URLs again. So please help me with the location of the configuration. How can I remove all the configuration of the plugin and how can I reinstall a fresh plugin?
Thanks in advance.
Hi,
We recently installed the Redirection plugin and it seems that when a search is performed within the Redirection plugin, to find one of the redirection entries, the search fails and returns a “cannot fetch” error, which on browser inspection shows a possible CORS issue.
We tried all the other possibilities, i.e. disabling WordFence and other plugins, but the only solution which eliminates the problem is to disable the XSS plugin or untick the “blocking” option within the XSS plugin.
Is this something you can help with please?
Thanks
Does this plugin work with DOM-based XSS?
I have read the description, which says only for Reflected XSS and self XSS.
Please share the plugin activation steps and testing method.
Hello, I have noticed an error in the debug.log:
“PHP Warning: mysqli_num_fields() expects parameter 1 to be mysqli_result, bool given in ….wp-includes/wp-db.php on line 3547”
I found out that it is this plugin; the error went away when I deactivated it. Is there anything I can do to prevent the error and have the plugin activated?
Thanks
Christa
After uninstalling the plugin, it still saves settings in the options table. How can I delete that?
I activated this plugin on a multisite installation, and it works fine in all the subsites except the subsite that has a plugin called Echo Knowledge Base.
The EKB plugin has a table of contents in the sidebar where I have links that refer to different parts of the article, and those links are appending code that is inserted in the URL.
For example, at https://www.ex.com/, if I add a code tag in the URL, then that tag is appended to the links of that plugin’s TOC by escaping the entities.
This output occurs on a fresh install of your plugin when debug mode is active. Is it possible to fix the value checks in a future release?
Notice: Trying to access array offset on value of type bool in /var/www/XXXX/wp-content/plugins/prevent-xss-vulnerability/includes/class-prevent-xss-vulnerability-frontend.php on line 264
Notice: Trying to access array offset on value of type bool in /var/www/XXXX/wp-content/plugins/prevent-xss-vulnerability/includes/class-prevent-xss-vulnerability-frontend.php on line 265
Hi,
I need to fix the path/directory traversal issue through this plugin. Can you please help me to fix this issue?
https://www.elsner.com/prevent-your-wordpress-site-from-directory-traversal-attack/
Please tell me how to include the below special characters in the block list?
‘../’
Regards,
Saravanan
I am facing an issue: bulk deletion of posts is not working when this plugin is active.
If I deactivate the plugin and perform the same operation, it’s working fine.
We have to use the bulk delete and draft post actions often on our site.
Can you please provide a solution for this soon? This would help me a lot.
Thanks,
Saravanan
We have recently run the ZAP tool against our site. Now we are getting the Remote OS Command Injection issue. Can you please share an idea for fixing this issue, or suggest a plugin that helps to fix it?
Thanks,
Hi,
Since installing the plugin:
– File uploads on different forms fail with Cloudflare timeouts and 520 / 524 errors.
– My Integromat integrations sometimes fail when related to file uploads, with the same errors on the backend.
When deactivating the plugin, everything gets back to normal.
Any known issues/fixes for that, so I can continue using the useful plugin?
Thanks
Hi.
I’m using this plugin and having success in most of security checks.
However, the below security check still accuses the possibility of XSS attacks.
<code>https://my-website-test/blog/?"><script>_q_q=)(</script></code>
(The url symbols < and > are ampersand chars)
Is there a way to modify the behavior to block ampersand chars?
Thank you.
Recently I have tried to bulk delete pages, or bulk change status, or bulk delete media items, and nothing happens.
I have a test replica website of my live site and I could disable all the plugins that I thought may be the issue, as I didn’t even consider that this plugin would be the issue.
Only when I deactivate Prevent XSS Vulnerability can I perform those actions immediately (and the status of the other plugins makes no difference, active or not).
I have not changed any of its settings, as this plugin was installed by my previous senior officer, so I presume it’s installed with the default settings?
I can only see one radio button checked (Enable Blocking) and no manual entries have been added in any of the options.
In case this info helps: I am using the latest 5.6.1 WordPress version and all the plugins are updated to the latest versions too. PHP version 7.3.19. I have had the issue for several months now, but did not have the chance to test and find the issue as it was not affecting anything else on the website.
Thanks
FYI the plugin Print My Blog uses square brackets in URLs, but this plugin removes them which causes Print My Blog to not work. See https://www.ads-software.com/support/topic/some-additional-diagnostics-using-plugin-with-a-large-site/#post-13856453
Your FAQ “Does this conflict with any plugins” says this doesn’t conflict with anything, but here’s an exception to that. Also, any other plugin using one of those characters in URLs will not work. I think it would be more accurate to say it usually doesn’t conflict, but if it does you can loosen up this plugin’s restrictions to remove the conflict.
Anyways, take care!
When this plugin is enabled, I’m not able to make a bulk action to WooCommerce orders. I was trying to change the status of three orders from processing to completed. With this plugin enabled, I was not able to do that. There were no error messages returned. The page reloaded and the order status remained unchanged.
After I disabled this plugin, I was able to make the bulk action to change the order statuses successfully.
If you want to try to duplicate this, I’m running WP 5.5.3, WooCommerce 4.7.1, and version 1.0.0 of your plugin.
Before we upgrade from “0.3.5” to “1.0.0” that was recently released, what is the minimum PHP version required, as it is not mentioned on the download page?
When I create a blog post with an alert message, it’s not getting blocked by the plugin.
Hello,
Blocking entities from the coupon field in the WooCommerce cart seems not to work.
I tested the theme search field and this works fine.
Is there a possibility to support the WooCommerce field?
Regards,
Jos
Hello,
When adding the following characters < and > to the field “Exclude Entities from Blocking”, these characters disappear when you save the page.
Is it possible to add a double dash “--” to the block list?
Sorry for the wrong keyword in the previous post.
Is it possible to add a double dash “--” to the block list?
If you visit the link above, you will see that the design on the site is disturbed after I installed this plugin. I uninstalled the plugin but that didn’t restore my changes. How can I properly restore my changes?
Hi, the plugin does not seem to encode the URL entities
on Chrome and IE.
Is causing problems with BULK ACTIONS of WooCommerce
These 3 plugins in combination and even when alone cause disruption of BULK ACTIONS of WooCommerce
1. Prevent XSS Vulnerability
2. Proxy Cache Purge
3. Yoast SEO