Recencio vulnerability?
Was alerted about this.
The Recencio Book Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.66.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
For me, I don’t have other users, so I think I might be safe, but for sites that have contributors, this might be something to be aware of. Hope that the creator of this fine plugin can fix this. See
https://www.wordfence.com/threat-intel/vulnerabilities/id/23ee5d94-5a51-4ee3-945c-422f3f07634e
for more info.