ReactDOM in the plugin is vulnerable to Cross-site Scripting (XSS)

  • Resolved Nazar Tikhoniuk

    (@nazartikhonyuk)


    3 weeks, 3 days ago

    Info: React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.

    FilePaths:?/wp-content/plugins/visualizer/classes/Visualizer/Gutenberg/build/block.js

    https://security.snyk.io/vuln/npm:react-dom:20180802

    Please consider updating ReactDOM.

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Support Stefan Cotitosu

    (@stefancotitosu)

    Hi @nazartikhonyuk,

    Thank you for bringing this matter to our attention. I have reported it internally for further investigation and resolution.

    We will keep you posted on our progress regarding this matter.

    Best regards,

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.