[Plugin: WP-FaceThumb] Reflected XSS-vulnerability CWE-79

FYI, please don’t post possible security issues like that in the forums. If it IS an issue, you’ve given the hack to more people. If not, it can hurt a legit plugin. YOu did the right thing by emailing plugins @ www.ads-software.com – We’ll look into it ??

This was public issue already. I did not create the original announcement. More people can be affected by it if nobody knows about issue in the forums/WP community. XSS issues are usually so simple that people can even patch those by themselves if no patch is available from vendor (in this case plugin maintainer) or even in cases where vendor says “we don’t have time to fix this” or similar explanation even the issue is verified.

Do I get some kind of reply from plugins@ address if I notify about security vulnerabilities?

Hello,
I’m at work.
I’ll check that as soon as I’m home.
What tool do you use to check this ?

I have not verified this yet. I am not the original founder of this vulnerability.

Fixed!

Thanks for pointing that out.

Please use CVE-2012-2371 for this issue. Add it to your changelog if possible, thanks.