Information Discosuer

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Konrad Chmielewski

    (@hwk-fr)

    Hello,

    Thanks for the feedback!

    Please use english language, as I’m only able to provide support for that language.

    Regarding your issue, it looks like you have some sensitive information inside a variable called esc_ajax_params. Please note that ACF Extended doesn’t generate this variable, so it’s something else.

    I would recommend to download all your plugins from your FTP, and search for the code “ecs_ajax_params” in your plugins and theme source code.

    Note: It looks like it is related to the Elementor Custom Skin plugin, as I found two github posts here and here, quoting that variable name.

    Hope it helps!

    Have a nice day!

    Regards.

    Thread Starter israel wissotzky

    (@israelmeirwi)

    Thank you very much it was really the Elementor Custom Skin plugin

    I have another problem from the information security side

    The user can inject HTML code into the ACF field

    Plugin Author Konrad Chmielewski

    (@hwk-fr)

    Hello,

    Thanks for the feedback!

    Before going further, please make sure you run your tests on a clean WP Install with ACF Pro + ACF Extended only. So you’re sure the issue doesn’t come from an another plugin.

    If you manage to reproduce it on a clean install, then please share the details, I’ll check it out.

    Thanks!

    Regards.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Information Discosuer’ is closed to new replies.