• This version uses wp-query calls that don't prepare the database properly, as well as not putting stripslashes in the appropriate places.

    It also does not use _nonce for checking and validating, so you can ‘cheat’ it by sending a form to the response of someone's server who is running it and hack it by using the ID field; other fields are escaped, but not properly.

    I do not suggest using it *at this time* until its flaws are fixed, if you are worried about being hacked.

    Emailed creator, been over a week and no response.

    https://www.ads-software.com/extend/plugins/comment-notifier/
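For readers comparing against their own plugins, here is an added illustration (not Comment Notifier's code, and not from the poster) of a hypothetical WordPress form handler with the three safeguards the post says are missing: a nonce check, unslashing plus type coercion of the ID field, and a prepared query. The `cn_*` names and the `cn_subscribers` table are assumptions.

```php
<?php
// Hypothetical subscription handler (added example, not the plugin's own code).
// Names prefixed cn_ and the table cn_subscribers are assumptions for illustration.

function cn_render_form() {
    echo '<form method="post">';
    wp_nonce_field( 'cn_subscribe', 'cn_nonce' ); // ties the form to this site and session
    echo '<input type="hidden" name="cn_post_id" value="' . esc_attr( get_the_ID() ) . '">';
    echo '<input type="email" name="cn_email">';
    echo '<button type="submit" name="cn_submit">Subscribe</button></form>';
}

function cn_handle_submit() {
    global $wpdb;
    if ( ! isset( $_POST['cn_submit'] ) ) {
        return;
    }
    // 1. Nonce: a POST that did not originate from this site's own form fails here,
    //    so the "send a form to someone else's server" case is rejected up front.
    if ( ! isset( $_POST['cn_nonce'] ) || ! wp_verify_nonce( $_POST['cn_nonce'], 'cn_subscribe' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }
    // 2. Undo the slashes WordPress adds to request data before validating, then
    //    coerce the ID to an integer so the field can only ever carry a number.
    $post_id = absint( wp_unslash( $_POST['cn_post_id'] ) );
    $email   = sanitize_email( wp_unslash( $_POST['cn_email'] ?? '' ) );
    if ( 0 === $post_id || ! is_email( $email ) ) {
        wp_die( 'Invalid input.', '', array( 'response' => 400 ) );
    }
    // 3. Prepared statement: %d/%s placeholders, never values concatenated into SQL.
    $table  = $wpdb->prefix . 'cn_subscribers';
    $exists = $wpdb->get_var( $wpdb->prepare(
        "SELECT COUNT(*) FROM {$table} WHERE post_id = %d AND email = %s",
        $post_id,
        $email
    ) );
    if ( 0 === (int) $exists ) {
        $wpdb->insert( $table, array( 'post_id' => $post_id, 'email' => $email ), array( '%d', '%s' ) );
    }
}
add_action( 'init', 'cn_handle_submit' );
```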

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: Comment Notifier] 2.0.6 version security flaws.’ is closed to new replies.